[cabf_validation] Minutes for Sep 21 2017

Wayne Thayer wthayer at godaddy.com
Thu Sep 21 10:59:58 MST 2017

Someone also brought up the topic of discussing the blog on obtaining a fraudulent EV cert (https://0.me.uk/ev-phishing/) and what can be learned from it.

Another topic from the 27-July meeting notes is redirects. Jeremy, in a subsequent email you said:

…I’m proposing that we craft a ballot subsequent to 190 that:

  1.  Clarifies that CAs may use a re-direct on a permissible port for validation but may not use a re-direct to a new domain.  If the re-direct is to an authorization domain, the CA is verifying the authorization domain, so there isn’t a problem in simply stating that domain re-directs from an authorization domain do not verify the authorization domain. Let’s Encrypt’s answer on the general mailing list made the issue more confusing and increased questions about whether re-directs are allowed. I think we should put the issue to rest with clarifying requirement language.



From: Validation <validation-bounces at cabforum.org> on behalf of Jeremy Rowley via Validation <validation at cabforum.org>
Reply-To: Jeremy Rowley <jeremy.rowley at digicert.com>, CA/Browser Forum Validation WG List <validation at cabforum.org>
Date: Thursday, September 21, 2017 at 8:57 AM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: [cabf_validation] Minutes for Sep 21 2017

Agenda for the F2F

  1.  Experience with 190 so far
  2.  Issues with 190
  3.  IP address validation
  4.  CAA for IP addresses
  5.  CAA Flags (account, validation method, EV certs)
  6.  Standardization of validation method OID
  7.  What is reusable? Random value reuse and distribution (through a reseller?)
  8.  Role of parties in validation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170921/cab2078a/attachment-0001.html>

More information about the Validation mailing list