[cabf_validation] FW: Improving 3.2.2.4.1 - draft text for VWG

Rick Andrews rick.andrews at digicert.com
Thu Jan 18 09:03:22 MST 2018


Webex is saying the meeting number isn’t valid or the meeting hasn’t started yet.

-Rick

On Jan 18, 2018, at 7:13 AM, Tim Hollebeek via Validation <validation at cabforum.org<mailto:validation at cabforum.org>> wrote:



From: Mads Egil Henriksveen [mailto:Mads.Henriksveen at buypass.no]
Sent: Thursday, January 18, 2018 8:12 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com<mailto:tim.hollebeek at digicert.com>>
Subject: Improving 3.2.2.4.1 - draft text for VWG

Hi Tim

I have been working on some text together with Entrust and Globalsign to improve 3.2.2.4.1 – find draft below.

In addition to this text, we will include some definitions from EVG (QGIS, QTIS, QIIS) and we are working on some changes to 3.2.5 as well.

Can I ask you to distribute this to the VWG for today’s call - to get some initial reactions? I am not a member of the VWG, but will try to join the meeting today.

Regards
Mads


3.2.2.4.1 Validating the Applicant as a Domain Name Registrant
Conforming the Applicant's control over the FQDN by validating the Applicant as the Domain Name Registrant by verifying that:

1.       The name of the Domain Name Registrant substantially matches the Applicant’s name AND

2.       Additional information about the Domain Name Registrant in the WHOIS meet the following requirements:

     *   The Registrant’s postal address in the WHOIS belongs to the Applicant. CAs MUST verify this by matching it with one of the Applicant's addresses in: (a) a QGIS, QTIS, or QIIS; or (b) a Verified Professional Letter.
Note: Address details in the WHOIS are required to use this option. Address details must include at a minimum the Country and either Locality, State or Province. OR
     *   The WHOIS contains the Registration (or similar) Number assigned to the Applicant by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration as appropriate. CAs MUST verify this by matching the Registration Number in the WHOIS with the Applicant’s Registration Number in a QGIS or a QTIS.
Additionally, this method may only be used if:
1. The CA authenticates the Applicant's identity under BR Section 3.2.2.1 and the authority of the Applicant Representative under BR Section 3.2.5, OR
2. The CA authenticates the Applicant's identity under EV Guidelines Section 11.2 and the agency of the Certificate Approver under EV Guidelines Section 11.8; OR
3. The CA is also the Domain Name Registrar, or an Affiliate of the Registrar, of the Base Domain Name.

Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN. This method is suitable for validating Wildcard Domain Names.

This revised version of BR 3.2.2.4.1 shall apply to domain validations occurring on or after June 1, 2018.

_______________________________________________
Validation mailing list
Validation at cabforum.org<mailto:Validation at cabforum.org>
https://cabforum.org/mailman/listinfo/validation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180118/1a4c36f4/attachment-0001.html>


More information about the Validation mailing list