> On May 20, 2017, at 8:11 AM, Peter Bowen <[email protected]> wrote:
>
>
>> On May 20, 2017, at 7:41 AM, Ryan Sleevi via Public <[email protected]> wrote:
>>
>>
>>
>> On Fri, May 19, 2017 at 9:47 PM, Jeremy Rowley <[email protected]> wrote:
>> “The certificate request MAY include all factual information about the
>> Applicant to be included in the Certificate, and such additional information
>> as is necessary for the CA to obtain from the Applicant in order to comply
>> with these Requirements and the CA’s Certificate Policy and/or Certification
>> Practice Statement.”
>>
>> This indicates a certificate request may include partial information.
>>
>> I appreciate you mentioning this - as I've mentioned it several times - but
>> this doesn't address the concern related to 4.1.2.
>
> How about we solve this by changing 4.2.1 to say:
>
> “The CA MUST have obtained documents and data used to verify
> certificate information no more than 825 days prior to
> issuing the Certificate.”
>
> This could also move to section 3.2 itself to help readers and implementers,
> as having it down in 4.2.1 has clearly caused confusion.

Looking back at this thread, I suggest we also modify 3.2.2.4:

The CA MUST confirm, prior to certificate issuance, that either
the CA or a Delegated Third Party has
validated each Fully‐Qualified Domain Name (FQDN) listed in
the Certificate using either one of the methods listed below
or a method that was allowed by the Baseline Requirements in effect at the time
of validation. The validation must have occurred no more than 825 days prior
to certificate issuance.

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public