[cabf_validation] Using for future domains

Tim Hollebeek tim.hollebeek at digicert.com
Wed Mar 21 02:41:28 MST 2018

I’m suggesting we might want to consider forbidding or restricting it if after analyzing it we decide there are things about it we don’t like, in the same way we are considering potentially tightening up other things about domain validation methods.


I don’t have strong feelings about it right now, but it is certainly not something we contemplated when we originally thought about the requirements.  And that makes me a bit uneasy, especially since we spent a lot of time in many cases while writing the requirements to make sure that domain validations were fresh and that the operator was affirmatively involved.


These sorts of things turn that on their head.  That may be fine, but we should look at them with a critical eye and see if they do what we want.  The answer may be yes.  I’m still thinking them through.




From: Wayne Thayer [mailto:wthayer at mozilla.com] 
Sent: Tuesday, March 20, 2018 9:43 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>
Cc: Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Validation WG List <validation at cabforum.org>; Peter Bowen <pzb at amzn.com>
Subject: Re: [cabf_validation] Using for future domains


On Tue, Mar 20, 2018 at 2:26 PM, Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> > wrote:


If it’s something we want to allow


Do you believe this isn't currently permitted by the BRs, or are you suggesting that we might want to forbid it?


, I think we want to articulate a clear set of principles that can be applied across all of the validation methods where this sort of thing is possible, instead of working piecemeal on each one.  The mistake we made last time, I think, was not working from a common set of general principles when writing and evaluating each validation method.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180321/edfefd33/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180321/edfefd33/attachment-0001.p7s>

More information about the Validation mailing list