On Mon, Apr 24, 2017 at 10:24 AM, Peter Bowen <[email protected]> wrote:

>
> 3.2.2.4.2: same as .1
>>
>
> How do you argue this? The random value must be unique and cannot be
> reused > 30 days, so the documents and data obtained would need to be
> redone.
>
>
> I’m not suggesting to reuse the random value itself. I’m reusing the
> documentation created when I verified the random value within 30 days of
> creation.
>

I see. That's an interesting definition of documentation that I did not believe was supported through the text. Could you expand on what you see this definition including? That is, I think suggesting that "the act of verifying" is equivalent to "producing documentation", and such documentation can be reused, is somewhat problematic and inconsistent with the text, but perhaps I've misunderstood.

> And I suppose the interpretation that I'm taking is that 3.2.2.4 doesn't
> enumerate ADN, but does enumerate FQDN, and the confirmation applies to the
> FQDN, not the ADN, even if the FQDN was confirmed using an ADN. Because of
> this, "completed confirmations" refers to the FQDN - so you can reissue
> certificates for the same names, but you cannot add new names, even if an
> ADN is used.
>
> On first reading, I was inclined to support your interpretation (if we
> made it explicitly worded), but one problem with that interpretation is the
> intersection with CAA. If we allow the ADN authorization to be reused, then
> it allows bypassing the CAA checks for the FQDN, does it not? Or would you
> agree that 3.2.2.8 applies regardless of the reuse of information - that
> every FQDN must have CAA checked, regardless if authority was validated
> using a (reused) ADN validation?
>
>
> Where do you see 3.2.2.8 says you can skip it? I’m trying to take your
> view that one runs the validation workflow (flowchart) each time you issue,
> but the inputs may have been collected on a previous validation run.
>

Using your definition that the act of verifying the ADN is producing documentation, why wouldn't the act of verifying CAA be equivalent to producing documentation?

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
