Hi Seo, A CA must fulfill its obligation to perform domain validation as defined in BR 3.2.2.4 using a Certificate System that is audited under the NCSSRs. Additional checks would be considered a High Risk check, and there is no prohibition on the delegation of such High Risk checks. So, I believe such checking is compliant with the BRs (and MRSP).
Thanks, Corey -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Seo Suchan Sent: Monday, July 31, 2023 9:51 AM To: [email protected] Subject: delegated additional domain validation lookup assume CA do domain validation by itself in parallel, can it ask 3rd party service to assert if they see the same token and reject order if 3rd party couldn't see it? wonder if it's delegating part of domain validation or can be considered like additional checks like if customer paid or not. for example, for agreed-upon change to website v2, it doesn't hurt to see if a CA check over a 3rd party monitors to test if they see the same page as over CA's own network, isn't it? -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/6a9a5f18-03ab-d9db-2314-5251eedb6b3b%40gmail.com. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/DM6PR14MB21863AD307BA6EDD76EAFFC99205A%40DM6PR14MB2186.namprd14.prod.outlook.com.
smime.p7s
Description: S/MIME cryptographic signature
