[cabf_validation] Pre-ballot discussion for Method 10 replacement

Doug Beattie doug.beattie at globalsign.com
Mon Jan 28 12:33:25 MST 2019

I've had a couple of side discussions with various people, so I figured I toss this our for discussion on a Method 10 replacement strategy.   If this is generally agreed to, then I'll look for 2 endorsers and get a Ballot number.

This ballot sets and end date to Method 10 and defines a replacement method based on the IETF TLS ALPN specification.


This ballot modifies the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" as follows, based on Version 1.6.2:

Replace the content of section with:

This method has been retired and MUST NOT be used for issuance of certificates after May 31, 2019. Prior validations using this method and validation data gathered according to this method SHALL NOT be used to issue certificates after May 31, 2019.

Add Section  TLS ALPN

Confirming the Applicant's control over a FQDN by validating domain control of the FQDN using TLS as specified in this specific IETF specification and version:  https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05

Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN.  This method is suitable for validating Wildcard Domain Names.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 29877 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20190128/307f167c/attachment-0001.bin>

More information about the Validation mailing list