[cabfpub] Forbid DTPs from doing Domain/IP Ownership Validation ballot draft (2)
pzb at amzn.com
Mon Apr 24 08:28:29 MST 2017
> On Apr 24, 2017, at 7:41 AM, Gervase Markham via Public <public at cabforum.org> wrote:
> On 20/04/17 18:57, Ryan Sleevi wrote:
>> That is, if 18.104.22.168 were worded to somehow suggest that:
>> "The CA SHALL confirm that, as of the date the Certificate issues, the
>> CA has validated each Fully‐Qualified Domain Name (FQDN) listed in the
>> Certificate using at least one of the methods listed below, or is within
>> the Domain Namespace of a Fully-Qualified Domain Name (FQDN) that has
>> been validated using at least one of the methods listed below. "
> Are we happy that, for all 10 methods, proof of control of
> foo.example.com makes it fine to issue wibble.fish.foo.example.com?
No. One of the 10 does not allow that.
More information about the Public