[cabf_validation] April 12 Validation WG Meeting Notes

Wayne Thayer wthayer at mozilla.com
Thu Apr 12 09:02:13 MST 2018


Notes from the April 12 Validation WG Meeting:

Attendees: Tim Hollebeek, Ben Wilson, Bruce Morton, Corey Bonnell, Doug
Beattie, Frank Corday, Frazier Evans, Joanna Fox, Li-Chun Chen, Quirin
Scheitle, Robin Alden, Shelley Brewer, Tim Shirley

1. Tim reviewed the Trello board - https://trello.com/invite/b/NuqJuIcZ/f35083781ab0502866ad17e149bbf03d/validation-working-group
2. Discussed impact of the new bylaws on the VWG. Agreed that the VWG
intends to become a subcommittee of the Server Certificate WG. Tim will
announce the intent to do so.
3. Reviewed the Validation Summit Findings doc - https://docs.google.com/document/d/1aJiOzYVTpoAPVWDucnp20cTO2PR_cRsHncvkhlrcR10/edit?usp=sharing
* Discussed method "a" that would replace method 10 with the proposed ACME
ALPN mechanism.
* Bruce added method "c" that is a modification of method 2, allowing an
authorized email address to be published in DNS.
    ** Discussed the inclusion of the CAA record and decided to leave it
there in anticipation of the definition of an extension to CAA that would
support this usage.
* Discussed method "d" added by Bruce that allows a DNS record to specify a
URL to be used for method 6 website change validations. The idea is to
allow method 6 to be used in scenarios where changes to a production
website aren't permitted.
    ** Corey said that the use of a subdomain beginning with an underscore
as described in method 7 could be extended to some other methods. Tim added
this to the doc as method "f" with a note that we should define a standard
subdomain for this purpose.
* Tim described the method "e" in the doc in which a DNS or WHOIS record
is pointed to the CA and once this is done the CA can always validate with
this method, regardless of the applicant. Tim suggested that we need to add
an account binding for these methods.
4. Tim asked how we should move forward. Doug proposed a ballot per method
that we want to improve, and ballots for each new method. Bruce suggested
that we also need to define the overall policy on what constitutes an
acceptable form of domain name validation.