[cabf_validation] Onion Proposal

Wayne Thayer wthayer at mozilla.com
Mon Dec 23 15:37:04 MST 2019

Thanks Jacob and Roland. I've attempted to address your comments:

As I believe you are suggesting, I removed the requirement defining how to
communicate the nonce only to the Applicant.

I also made a few other changes to the draft:
* Add random value expiration:
* Anticipate changes to domain validation method #6:



On Thu, Dec 19, 2019 at 2:18 PM Jacob Hoffman-Andrews <jsha at letsencrypt.org>

> Thanks for moving this forward.
> My colleague Roland Shoemaker pointed out that this proposal introduces
> the term "Verified Method of Communication," which is only defined in the
> EVGLs, not the BRs. There's a similar definition in the BRs:
> Reliable Method of Communication: A method of communication, such as a
> postal/courier delivery address, telephone number, or email address, that
> was verified using a source other than the Applicant Representative.
> However, this is only used in the context of establishing Subject Identity
> Information to be included in the certificate. For certificates without
> Subject Identity Information, this is probably not necessary; that is,
> proof of control of the private key corresponding to the Onion address is
> sufficient on its own, so communication could be established, e.g. through
> an API account created by the Applicant Representative.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20191223/aebc7f8f/attachment.html>

More information about the Validation mailing list