[cabf_validation] Using 3.2.2.4.2/.3 for future domains

Ryan Sleevi sleevi at google.com
Fri Mar 23 02:30:55 MST 2018


Note: I was discussing having the CA disclose the validation method used in
the certificate. Without this, the CAA tags proposal is simply one half of
policy, without a way for affected Subscribers or domain holders to detect
misissuance or malfeasance.

On Fri, Mar 23, 2018 at 5:04 AM, Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> That’s correct, we remain strongly in favor of allowing domain holders to
> restrict validation methods.  It’s one of the more important parts of my
> CAA tags proposal, which unfortunately has gotten at best lukewarm support
> from other large CAs.
>
>
>
> -Tim
>
>
>
> I'm similarly interested in declaring the validation method(s) used,
> particularly for domain names, which provides a way for the domain holder
> to validate that the CAA policy is respected. I assume DigiCert's support
> for this has not waned since the last time it was discussed (in the context
> of 190)?
>