[cabf_validation] Outline of Method 1 Replacement
jonathan at titanous.com
Fri Mar 9 11:53:21 MST 2018
> On Mar 9, 2018, at 13:44, Wayne Thayer via Validation <validation at cabforum.org> wrote:
> My takeaway from the validation summit was that there is some possibility that a more robust version of method #1 can be defined. The concept behind 188.8.131.52.1 was that the Domain Name Registrant (DNR) implicitly permits issuance of certificates for the domain to the organization listed as the DNR.
Is there a compelling reason to bring back a new version of this method? It seems like any modification that adds the appropriate security properties would bring it very close to 184.108.40.206.2 / 220.127.116.11.3. Based on my understanding of the use of this method in the wild, it makes more sense to me for CAs to switch to .2 and .3 for domain ownership authorization and then do necessary additional subject validation with 18.104.22.168 or EVGL 11.8.3.
More information about the Validation