[cabf_validation] Pre-ballot discussion for Method 10 replacement

Tim Hollebeek tim.hollebeek at digicert.com
Mon Jan 28 14:00:54 MST 2019


I support this strategy and would endorse.

 

-Tim

 

From: Validation <validation-bounces at cabforum.org> On Behalf Of Doug Beattie
via Validation
Sent: Monday, January 28, 2019 2:33 PM
To: validation (validation at cabforum.org) <validation at cabforum.org>
Subject: [cabf_validation] Pre-ballot discussion for Method 10 replacement

 

I've had a couple of side discussions with various people, so I figured I
toss this our for discussion on a Method 10 replacement strategy.   If this
is generally agreed to, then I'll look for 2 endorsers and get a Ballot
number.

 

 

 

This ballot sets and end date to Method 10 and defines a replacement method
based on the IETF TLS ALPN specification.

 

--- MOTION BEGINS ---

This ballot modifies the "Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates" as follows, based on Version
1.6.2:

 

Replace the content of section 3.2.2.4.10 with:

 

This method has been retired and MUST NOT be used for issuance of
certificates after May 31, 2019. Prior validations using this method and
validation data gathered according to this method SHALL NOT be used to issue
certificates after May 31, 2019.

 

 

Add Section 3.2.2.4.17  TLS ALPN

Confirming the Applicant's control over a FQDN by validating domain control
of the FQDN using TLS as specified in this specific IETF specification and
version:  https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05 

Note: Once the FQDN has been validated using this method, the CA MAY also
issue Certificates for other FQDNs that end with all the labels of the
validated FQDN.  This method is suitable for validating Wildcard Domain
Names.

 

 

 

--- MOTION ENDS ---

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20190128/0c1b159d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20190128/0c1b159d/attachment.p7s>


More information about the Validation mailing list