On Thursday, 10 November 2016 19:53:25 UTC, Robin Alden wrote: > I can't speak to your assumptions, but I concede that it is not explicit in > the CPS. > > It is now documented at > https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf > and in the knowledgebase article at: > https://support.comodo.com/index.php?/Knowledgebase/Article/View/791/16/alte > rnative-methods-of-domain-control-validation-dcv
Thanks Robin. And also for your definitive statement in the other post. A brief comment on the API document (the PDF): In section 3, HTTP Based DCV, an example is given and the hexadecimal values shown are the same for both the MD5 and SHA-1 hashes. Of course this would never happen in a real system, not least because the hashes are of different lengths. It would probably be clearer as an example if this was corrected (I assume the actual implementation is correct). _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
