[cabf_validation] Question on 3.2.2.4.7 DNS Change
Doug Beattie
doug.beattie at globalsign.com
Thu Jun 20 14:39:36 UTC 2024
As we're working on MPIC, we're taking a closer look at the validation methods. Method 3.2.2.4.7 specifies:
* Confirming the Applicant's control over the FQDN by confirming the presence of a Random Value or Request Token for either in a DNS CNAME, TXT or CAA record for either 1) an Authorization Domain Name; or 2) an Authorization Domain Name that is prefixed with a Domain Label that begins with an underscore character.
DNS TXT and CAA records have a clear structure that can accommodate a Random Value or Request Token, but It's not clear to me how a random value could be in a CAA record. Do we interpret this to mean we will follow the CNAME and then find either a DNS TXT or CAA record containing the value?
Doug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 34505 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20240620/c3a70ebb/attachment-0001.bin>
More information about the Validation
mailing list