This is excellent work and helps people understand each method a lot better.
- Thanks! Let me know if you disagree with anything. 

"The CA MUST record the subsection and version of the Baseline Requirements 
used to validate an Applicant’s control over each FQDN included in an issued 
certificate" 
When is this expected to become effective?
- Immediately after the IPR period expires

In methods 3.2.2.4.1, 3.2.2.4.2, 3.2.2.4.3,  b (2), you say that the CA must 
verify that the WHOIS information for the Base Domain has not changed since the 
CA performed the verification process. Is this the WHOIS information record 
itself or should CAs be looking for the Domain Contact to appear in the WHOIS 
record? I'm asking because some WHOIS databases do not release Domain Contact 
information and CAs require an official document from the Domain Registrar that 
contains information about the domain owner and contacts for the initial domain 
validation.
- Right now the time period in that section specifies the Domain  language 825 
days so it’s identical to the verification period. I put this in explicitly in 
case we wanted to reduce the period of WHOIS re-confirmation to a lesser 
period (such as 90 days?). It should have said WHOIS or Domain Registrar though 
instead of just WHOIS. I also don’t mind dropping bullet point 2 if everyone is 
opposed to a WHOIS/Domain Registrar refresh.

For example, this is the WHOIS record for example.gr:


Domain Name:example.gr
Domain Handle:dr-1234-gr
Protocol Number:1234
Creation Date:24-07-1997
Expiration Date:31-12-2017
Updated Date:05-11-2015
Registrar:FOO
Registrar Referral URL:http://www.FOO.gr
Registrar Email:[email protected]
Registrar Telephone:+30.123456
Whois Server: 
Bundle Name:example.gr
Name Server:XXXX.example.gr
Name Server:XXXXXX.example.gr


According to your proposal, CAs only need to check if the record above has not 
changed?
- Yes. That is the point of bullet point 2. To try and address issues where 
domain ownership may have changed.


Also, there is a small typo in the 3rd paragraph of 3.2.2.4.2 a (FQNs --> 
FQDNs).
- Thanks!



 


_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
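
One way to implement the "record has not changed" check discussed in this thread, as an added example that is not part of the original messages or of the Baseline Requirements. The function names, the abridged snapshot, the constructed later lookup and the use of the 825-day figure from the reply as a default are all assumptions.

```python
from datetime import date, timedelta

# Stored snapshot: the example.gr record quoted in the thread, abridged
# (it carries no Domain Contact fields, only registry/registrar data).
STORED = """Domain Name:example.gr
Domain Handle:dr-1234-gr
Creation Date:24-07-1997
Expiration Date:31-12-2017
Updated Date:05-11-2015
Registrar:FOO
Registrar Referral URL:http://www.FOO.gr
Whois Server:
Name Server:XXXX.example.gr
Name Server:XXXXXX.example.gr"""

# Constructed later lookup: registrar transfer plus a new Updated Date.
LATER = (STORED.replace("Updated Date:05-11-2015", "Updated Date:02-03-2016")
               .replace("Registrar:FOO", "Registrar:BAR"))

def parse_whois(text):
    """Parse 'Key:Value' lines into {key: [values]}; keys may repeat."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def changed_fields(stored, current):
    """Field names whose values differ; ordering of repeated keys is ignored."""
    a, b = parse_whois(stored), parse_whois(current)
    return sorted(k for k in a.keys() | b.keys()
                  if sorted(a.get(k, [])) != sorted(b.get(k, [])))

def may_reuse_validation(stored, current, validated_on, today, max_age_days=825):
    """Reuse a prior validation only inside the window and with an unchanged record."""
    if today - validated_on > timedelta(days=max_age_days):
        return False, ["validation older than %d days" % max_age_days]
    diff = changed_fields(stored, current)
    return (not diff), diff

if __name__ == "__main__":
    print(may_reuse_validation(STORED, LATER, date(2016, 1, 1), date(2016, 6, 1)))
```

A shorter re-confirmation period, such as the 90 days floated in the reply, only changes `max_age_days`.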
