Just to elaborate on what Eric Mill said:

Comodo allows validation of DV certs via the following methods:

1. Email based challenge
2. File based challenge: Upload a provided file with unique content to the
server. The file can be provided over HTTP or HTTPS.
3. DNS challenge: validation by adding a specified value via a CNAME record.

These challenges are evaluated automatically and the values generated are
based off hashes of the CSR.

RapidSSL, GeoTrust, and Thawte (all Symantec CAs) have similar mechanisms.
If anyone would like to test these methods, I can assist with providing
certificates and a medium through which these challenges are available.


On Wednesday, December 2, 2015, Eric Mill <[email protected]> wrote:

>
> On Wed, Dec 2, 2015 at 6:12 PM, Richard Barnes <[email protected]> wrote:
>
>> On Wed, Dec 2, 2015 at 6:07 PM, James Cloos <[email protected]> wrote:
>> >>>>>> "RB" == Richard Barnes <[email protected]> writes:
>> >
>> > RB> If you look at what CAs do today, that basically means the port is
>> > RB> 80/443.  More generally, it means that the port needs to be specified
>> > RB> by the challenge mechanism and not by the client.
>> >
>> > What CAs do any kind of challenge over anything other than smtp?
>>
>> Let's Encrypt and WoSign spring immediately to mind.  They both do
>> web-based validation.
>>
>> SSLMate also supports HTTP-based validation, and their certs are
>> issued by real CAs.
>>
>
> SSLMate also supports DNS-based validation (and since SSLMate is a
> downstream provider of multiple upstream CAs, such as Comodo, each upstream
> CA necessarily supports the same validation mechanism).
>
> -- Eric
>
>
>> So it's out there.
>>
>> --Richard
>>
>>
>> > Tcp port numbers have no significance to "control of a domain".
>> >
>> > Or "control of a hostname", since the certs are issued for hostnames and
>> > not for domain names.
>> >
>> > -JimC
>> > --
>> > James Cloos <[email protected]>         OpenPGP: 0x997A9F17ED7DAEA6
>>
>> _______________________________________________
>> Acme mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/acme
>>
>
>
>
> --
> konklone.com | @konklone <https://twitter.com/konklone>
>


-- 
Vincent Lynch
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
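
An added example, not part of the thread and not any CA's code: a sketch of a validator that derives file and DNS challenge values from a hash of the CSR and fixes the port itself (80/443) instead of taking one from the requester. The hash layout, the `/.well-known/pki-validation/` path, the `validation.example` zone and all function names are assumptions; the thread does not give Comodo's actual format.

```python
import hashlib
import hmac

# Assumption: the challenge mechanism fixes the port per scheme (80/443, as
# in the thread); the requester never supplies one.
FIXED_PORTS = {"http": 80, "https": 443}

def normalize_host(hostname):
    """Accept a bare hostname only, so no port, path or userinfo rides along."""
    host = hostname.strip().lower().rstrip(".")
    if not host or any(c in host for c in ":/@?#[]\\ "):
        raise ValueError(f"not a bare hostname: {hostname!r}")
    return host

def csr_values(csr_der):
    """Derive (label, token) from the CSR bytes. Hypothetical layout."""
    label = hashlib.sha256(b"label:" + csr_der).hexdigest()[:32]
    token = hashlib.sha256(b"token:" + csr_der).hexdigest()
    return label, token

def file_challenge(hostname, csr_der, scheme="http"):
    """Return (url_to_fetch, expected_body) for the file-based method."""
    host = normalize_host(hostname)
    label, token = csr_values(csr_der)
    port = FIXED_PORTS[scheme]  # KeyError for any scheme outside the table
    return f"{scheme}://{host}:{port}/.well-known/pki-validation/{label}.txt", token

def dns_challenge(hostname, csr_der):
    """Return (record_name, expected_cname_target) for the DNS method."""
    host = normalize_host(hostname)
    label, token = csr_values(csr_der)
    return f"_{label}.{host}", f"{token[:32]}.validation.example"

def body_matches(body, hostname, csr_der):
    """Constant-time comparison of the fetched file body with the token."""
    _, expected = file_challenge(hostname, csr_der)
    return hmac.compare_digest(body.strip().encode(), expected.encode())

if __name__ == "__main__":
    csr = b"constructed sample bytes standing in for a DER-encoded CSR"
    print(file_challenge("www.example.com", csr, "https"))
    print(dns_challenge("www.example.com", csr))
```

Because both values are bound to the CSR, a response prepared for one request does not validate a different CSR for the same hostname.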
