[cabf_validation] Doubt on validation of IP addresses by CAs that are also network operators

Adriano Santoni adriano.santoni at staff.aruba.it
Tue Aug 4 02:14:44 MST 2020

Hi all,

I have a doubt regarding the validation of IP addresses.

Maybe I am just overlooking some word or sentence in the BR that solves 
my doubt, but right now I just cannot see it.

Among the methods allowed by the BR for the validation of domains, we 
have method #12:

" Validating Applicant as a Domain Contact

Confirming the Applicant's control over the FQDN by validating the 
Applicant is the Domain Contact. This method may only be used if the CA 
is also the Domain Name Registrar, or an Affiliate of the Registrar, of 
the Base Domain Name."

If I am not overlooking anything, it seems that we do not have a similar 
method for IP addresses, and my doubt is then "why".

If a CA is also an Autonomous System and is directly managing a 
dedicated server - on a specific IP address - for the Applicant, the CA 
knows with certainty that the Applicant controls such IP address, based 
on its records.

TIA for any hints and remarks,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20200804/3237709b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20200804/3237709b/attachment.p7s>

More information about the Validation mailing list