[cabf_validation] domain registrar as an applicant

Dimitris Zacharopoulos jimmy at it.auth.gr
Mon Oct 22 08:26:18 MST 2018


On 22/10/2018 4:23 PM, Adriano Santoni via Validation wrote:
>
> In fact, I cannot describe any such process based on the current BRs. 
> Just wanted to see if anybody had a different opinion...
>
>

Adriano,

Based on the recent amendment of the definition of *Domain Contact*: 
"The Domain Name Registrant, technical contact, or administrative 
contract (or the equivalent under a ccTLD) as listed in the WHOIS record 
of the Base Domain Name or in a DNS SOA record, or as obtained through 
direct contact with the Domain Name Registrar"

you can retrieve this information from a Domain Name Registrar (again, 
as defined in 1.6.1). Once you have the Domain Contact for a specific 
Domain Name, you can use for example 3.2.2.4.2 to send an e-mail, 
3.2.2.4.3 to call, and so on, to validate the Domain.

Perhaps I have not understood your message correctly but I don't see any 
"doubt" or ambiguity in the BRs regarding this requirement. You usually 
start with some TLD and work towards the Base Domain Name.


Dimitris.

> On 22/10/2018 15:10, Ryan Sleevi wrote:
>> I think any CA advocating that would need to describe under 3.2.2.4 
>> which method they're using to validate. Could you explain a process 
>> that a CA could use that complies with one of the 3.2.2.4 validation 
>> methods that meets that?
>>
>> There had been some discussion about proposing additional methods - 
>> what, during the validation work, had been suggested as "3.2.2.4.13", 
>> which was a modification proposed by Peter Bowen at Amazon that would 
>> have allowed greater flexibility while still achieving the same 
>> security objectives of 3.2.2.4.12, in a more interoperable way. 
>> However, Peter didn't push that forward as .13, and no other member 
>> stepped up to do so.
>>
>> On Mon, Oct 22, 2018 at 5:25 AM Adriano Santoni via Validation 
>> <validation at cabforum.org> wrote:
>>
>>     All,
>>
>>     I'd like to get some opinions on the following doubt.
>>
>>     Can it be inferred, from the BRs, that the entity which is
>>     officially designated (e.g. by governmental acts) as the /unique/
>>     registrar of a certain domain also /controls/ that domain and is
>>     therefore "entitled" (subject to the remaining checks required by
>>     the BRs) to receive SSL server certificates for such domain and
>>     all subdomains thereof? I mean, can we draw this conclusion based
>>     on "just" the official documental evidences (e.g. by governmental
>>     acts)? Section 3.2.2.4 of the BRs seems not to allow that - or
>>     not too clearly, at any rate.
>>
>>     (Please note that I am not referring to the particular
>>     circumstance addressed by 3.2.2.4.12 of the BRs)
>>
>>     Adriano
>>
>>
>>     _______________________________________________
>>     Validation mailing list
>>     Validation at cabforum.org <mailto:Validation at cabforum.org>
>>     https://cabforum.org/mailman/listinfo/validation
>>