[cabf_validation] Registrar validation method
pzb at amzn.com
Thu Mar 15 08:16:04 MST 2018
As discussed at the F2F, I think we should look at add a CA/Registrar confirmation method that is a little more transparent and also works when the CA and Registrar are not affiliates. As a starting point, I propose:
"184.108.40.206.13 Registrar challenge validation
Confirming the Applicant’s control over the request Domain Name by confirming the presence of a Random Value or Request Token in a response from the Domain Name Registrar or Registry received in response to a request containing an Authorization Domain Name."
This is the same text I proposed back in October (https://cabforum.org/pipermail/public/2017-October/012423.html <https://cabforum.org/pipermail/public/2017-October/012423.html> ), and Geoff Keating and Tim Hollebeek responded with some comments. Notably Geoff wrote "I like the concept, but can we be a bit more specific than just ‘in response to a request’? For example, can we say ‘in response to a WHOIS request for the Authorization Domain Name’?"
I’m open to suggestions on how to refine this, but one of the challenges is the chicken and egg problem — we only have half the required parties in the Forum (no registrars), so defining a specific implementation may be hard until we have a couple working implementations.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Validation