[cabf_validation] FW: Improving 3.2.2.4.1 - draft text for VWG

Tim Hollebeek tim.hollebeek at digicert.com
Thu Jan 18 08:12:45 MST 2018 

 

 

From: Mads Egil Henriksveen [mailto:Mads.Henriksveen at buypass.no] 
Sent: Thursday, January 18, 2018 8:12 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Subject: Improving 3.2.2.4.1 - draft text for VWG

 

Hi Tim

 

I have been working on some text together with Entrust and Globalsign to
improve 3.2.2.4.1 - find draft below. 

 

In addition to this text, we will include some definitions from EVG (QGIS,
QTIS, QIIS) and we are working on some changes to 3.2.5 as well.

 

Can I ask you to distribute this to the VWG for today's call - to get some
initial reactions? I am not a member of the VWG, but will try to join the
meeting today. 

 

Regards

Mads 

 

3.2.2.4.1 Validating the Applicant as a Domain Name Registrant

Conforming the Applicant's control over the FQDN by validating the Applicant
as the Domain Name Registrant by verifying that: 

1.       The name of the Domain Name Registrant substantially matches the
Applicant's name AND

2.       Additional information about the Domain Name Registrant in the
WHOIS meet the following requirements:

i.	The Registrant's postal address in the WHOIS belongs to the
Applicant. CAs MUST verify this by matching it with one of the Applicant's
addresses in: (a) a QGIS, QTIS, or QIIS; or (b) a Verified Professional
Letter. 
Note: Address details in the WHOIS are required to use this option. Address
details must include at a minimum the Country and either Locality, State or
Province. OR 
ii.	The WHOIS contains the Registration (or similar) Number assigned to
the Applicant by the Incorporating or Registration Agency in its
Jurisdiction of Incorporation or Registration as appropriate. CAs MUST
verify this by matching the Registration Number in the WHOIS with the
Applicant's Registration Number in a QGIS or a QTIS. 

Additionally, this method may only be used if: 

1. The CA authenticates the Applicant's identity under BR Section 3.2.2.1
and the authority of the Applicant Representative under BR Section 3.2.5, OR

2. The CA authenticates the Applicant's identity under EV Guidelines Section
11.2 and the agency of the Certificate Approver under EV Guidelines Section
11.8; OR 

3. The CA is also the Domain Name Registrar, or an Affiliate of the
Registrar, of the Base Domain Name. 

 

Note: Once the FQDN has been validated using this method, the CA MAY also
issue Certificates for other FQDNs that end with all the labels of the
validated FQDN. This method is suitable for validating Wildcard Domain
Names.

 

This revised version of BR 3.2.2.4.1 shall apply to domain validations
occurring on or after June 1, 2018.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180118/405b3ece/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180118/405b3ece/attachment.p7s>

More information about the Validation mailing list