[cabf_validation] Registrar validation method
Peter Bowen
pzb at amzn.com
Thu Mar 15 08:16:04 MST 2018
As discussed at the F2F, I think we should look at add a CA/Registrar confirmation method that is a little more transparent and also works when the CA and Registrar are not affiliates. As a starting point, I propose:
"3.2.2.4.13 Registrar challenge validation
Confirming the Applicant’s control over the request Domain Name by confirming the presence of a Random Value or Request Token in a response from the Domain Name Registrar or Registry received in response to a request containing an Authorization Domain Name."
This is the same text I proposed back in October (https://cabforum.org/pipermail/public/2017-October/012423.html <https://cabforum.org/pipermail/public/2017-October/012423.html> ), and Geoff Keating and Tim Hollebeek responded with some comments. Notably Geoff wrote "I like the concept, but can we be a bit more specific than just ‘in response to a request’? For example, can we say ‘in response to a WHOIS request for the Authorization Domain Name’?"
I’m open to suggestions on how to refine this, but one of the challenges is the chicken and egg problem — we only have half the required parties in the Forum (no registrars), so defining a specific implementation may be hard until we have a couple working implementations.
Thanks,
Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180315/615111bc/attachment.html>
More information about the Validation
mailing list