[cabf_validation] Using 3.2.2.4.2/.3 for future domains

[Ryan Sleevi]

OK. If we're willing to explore no longer using DNS or email to validate
domains, then I agree, this could be a fruitful exercise. We probably won't
have any technically valid way to validate domains, but sure, if we want to
go down that route, ok, then it's worth thinking about.

I hope we're better focused at scoping our work, and more pragmatic in
recognizing that unless we're willing to rip it all out, it's very much a
moot point, but it sounds like you're very much in favor of ripping out all
validation methods and starting over (which is what it'd take).

On Wed, Mar 21, 2018 at 6:22 AM, Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> Oh, it certainly is possible to meaningfully do things about it.  They
> just might result in validation requirements that look a lot different from
> today’s validation requirements.  Given that we’ve currently embarked on a
> process of evaluating our current validation requirements and possibly
> making them very different, this would seem to be a good time to think
> about this.
>
>
>
> So I don’t think your argument that many of the current validation methods
> can be used to do this is a reasonable argument for why we can’t have a
> discussion about it.
>
>
>
> -Tim
>
>
>
>
>
> These sorts of things turn that on their head.  That may be fine, but we
> should look at them with a critical eye and see if they do what we want.
> The answer may be yes.  I’m still thinking them through.
>
>
>
> Right, and I'm disagreeing with that framing for how to approach it. If
> we're going to Have Opinions about it, we first have to explore whether
> it's even possible to meaningfully do anything about it. If not, it's a lot
> of handwringing and pearl-clasping for nothing.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180321/f7c84727/attachment.html>