[cabf_validation] Ballot 190
Jeremy Rowley
jeremy.rowley at digicert.com
Thu May 4 12:45:57 MST 2017
I wanted to make sure that I'm implementing the methods correctly. For each
FQDN you can verify the FQDN using the FQDN, an Authorization Domain, or
Base Domain, as specified in the method. Going through the methods, it looks
like the verification listed in the table below is permitted. Is this
everyone else's understanding?
| Method | FQDN | Authorization Domain | Base Domain |
|---|---|---|---|
| 1. Domain Contact - This method relies on the definition of Domain Contact which specifies the WHOIS person either at the FQDN or base domain. | X | | X |
| 2. WHOIS Email - Only permits email to domain contact, but one of the sentences mentions Authorization Domain? | X | | X |
| 3. WHOIS Phone - Same as Email | X | | X |
| 4. Constructed Email - sending the email to authorization domain | X | X | X |
| 5. Domain Document | X | | |
| 6. Agreed-Upon Change - Authorization domain specifically mentioned | X | X | X |
| 7. DNS Change - Authorization domain name is mentioned but also permits underscore | X | X | X |
| 8. IP Address - No Authorization domain mentioned | X | | |
| 9. Test Cert - Authorization domain mentioned | X | X | X |
| 10. TLS Using a Random Number - Authorization Domain mentioned | X | X | X |

Example,
FQDN: Secure.mail.example.com

| Method | Permitted Validation Domains |
|---|---|
| 1. Domain Contact | Secure.mail.example.com; Example.com |
| 2. WHOIS Email | Secure.mail.example.com; Example.com |
| 3. WHOIS Phone | Secure.mail.example.com; Example.com |
| 4. Constructed Email | Secure.mail.example.com; mail.example.com; Example.com |
| 5. Domain Document | Secure.mail.example.com |
| 6. Agreed-Upon Change | Secure.mail.example.com; mail.example.com; Example.com |
| 7. DNS Change | Secure.mail.example.com; mail.example.com; Example.com; _{value}.Secure.mail.example.com; _{value}.mail.example.com; _{value}.Example.com |
| 8. IP Address | Secure.mail.example.com |
| 9. Test Certificate | Secure.mail.example.com; mail.example.com; Example.com |
| 10. TLS w/ Random Number | Secure.mail.example.com; mail.example.com; Example.com |
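
The table in the message above, expressed as a lookup (an added example, not part of the original message): it encodes the poster's reading of each method as posted, not the Baseline Requirements text, and generalizes the example to FQDNs with any number of intermediate labels. The function names and the caller-supplied base domain are assumptions; a real implementation would derive the base domain from a public-suffix list. Names are lowercased because DNS comparison is case-insensitive.

```python
# Scope of each validation method as posted in the table above:
# "fqdn" = the FQDN itself, "auth" = an intermediate Authorization Domain,
# "base" = the Base Domain. This is the poster's reading, not normative text.
METHOD_SCOPES = {
    1: ("Domain Contact", {"fqdn", "base"}),
    2: ("WHOIS Email", {"fqdn", "base"}),
    3: ("WHOIS Phone", {"fqdn", "base"}),
    4: ("Constructed Email", {"fqdn", "auth", "base"}),
    5: ("Domain Document", {"fqdn"}),
    6: ("Agreed-Upon Change", {"fqdn", "auth", "base"}),
    7: ("DNS Change", {"fqdn", "auth", "base"}),
    8: ("IP Address", {"fqdn"}),
    9: ("Test Certificate", {"fqdn", "auth", "base"}),
    10: ("TLS Using a Random Number", {"fqdn", "auth", "base"}),
}
UNDERSCORE_METHODS = {7}  # DNS Change also permits an underscore-prefixed label


def candidate_names(fqdn, base_domain):
    """Prune labels left to right; return (name, scope) from FQDN to base."""
    fqdn = fqdn.lower().rstrip(".")
    base = base_domain.lower().rstrip(".")  # assumption: caller supplies this
    if fqdn != base and not fqdn.endswith("." + base):
        raise ValueError(f"{fqdn} is not under base domain {base}")
    labels = fqdn.split(".")
    depth = len(labels) - len(base.split("."))
    names = []
    for i in range(depth + 1):
        scope = "fqdn" if i == 0 else "base" if i == depth else "auth"
        names.append((".".join(labels[i:]), scope))
    return names


def permitted_domains(method, fqdn, base_domain, value="{value}"):
    """Names at which the given method may be performed for this FQDN."""
    _, scopes = METHOD_SCOPES[method]
    names = [n for n, s in candidate_names(fqdn, base_domain) if s in scopes]
    if method in UNDERSCORE_METHODS:
        names += [f"_{value}.{n}" for n in names]
    return names


if __name__ == "__main__":
    for number, (title, _) in METHOD_SCOPES.items():
        allowed = permitted_domains(number, "Secure.mail.example.com", "Example.com")
        print(f"{number}. {title}: {'; '.join(allowed)}")
```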