Peter, I'm confused why only the section 3.2.2.4.7 specifically addresses this concern, and how. If only it does, would it implies that CA must use this method of section 3.2.2.4.7 to validate a Base Domain Name, which happened to be an Authorization Domain Name requested by the applicant ? However, according to section 3.2.2.4, each FQDN listed in the certificate is required to be validated using AT LEAST one of the methods only.
Thanks, Man On 10/3/2016 3:53 AM, Peter Bowen wrote: > The new section 3.2.2.4.7 specifically > addresses DNS validation. Under the new rules, which should be in > effect as of 1 March 2017, validating www.<domain> will not be a valid > method of showing control of <domain>. The name is true for any valid > hostname under <domain>. The only note is that names in the form > _<something>.<domain> (that is starting with an underscore) can be > used to validate <domain>. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
