[cabf_validation] Agenda for this week

Doug Beattie doug.beattie at globalsign.com
Tue Jan 2 13:50:04 MST 2018


Hi Tim,

 

This isn't super important, but something I would like to discuss at some
point as a new domain validation method for domain re-validation only.  I
think I brought this up casually once a while back.

-          Once you have a domain, or set of domains validated and a cert
issued with a bunch of SANs, is it possible to verify that when the new
certificate is present on a SAN (within 30 days) it constitutes a new domain
validation for that SAN and that would re-set the 825 day domain validation
clock?  It's basically #9 but with a production certificate (which is OK,
because going into this the domains were all validated using one of the
approved methods for initial domain validation).  If the CA wanted to re-use
the domain validation for more than one SAN in that certificate, then each
SAN would need to be verified to have the new certificate present.

 

If we did this, then CAs would effectively not need to do new domain
validations if the SANs didn't change as long as they recorded the
applicable validations (for each SAN, you found the new certificate).

 

Doug

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Tim
Hollebeek via Validation
Sent: Tuesday, January 2, 2018 2:45 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: [cabf_validation] Agenda for this week

 

 

Please let me know if you have other topics you want discussed.

 

1.	Continue IP validation discussion.
2.	EV improvement discussion.

 

Homework from previous call:

 

-          continue to think about ways to improve EV

-          be familiar with the methods your company uses to validate IPs
(if any)

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180102/00ee68eb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5682 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180102/00ee68eb/attachment-0001.p7s>


More information about the Validation mailing list