# This post is on behalf of my colleagues.
We support to strengthen 3.2.2.4.1.
Besides, we don't think that 3.2.2.4.1 and .5 can replace within a short
period.
In our understanding, we are using 3.2.2.4.1 and .5 in our validation
process. We understand that checking the domain with 3.2.2.4.1 or .5 is
insufficient to see if an applicant has control over a domain. It is
agreeable for us to confirm control over a domain by obtaining a change
on a targeting domain.
We might choose to move over time to some of other the methods, but they
may not be appropriate in all case. In addition, we had used 3.2.2.4.1
and .5 for long period, and procedures (including audit) have been
carried out on that premise.
To be more precise, we believe that 3.2.2.4.6 to .10 should be done with
automation, and should require following concern.
-Judgment for the automated system to be valid
-How to keep logs and audit trails in an automated system
-Explain to the audit firm that the system and log are valid
In addition, in Japan audit firms, inquiries to the home country are
prone to occur, and they answer after unpredictable lag. We want enough
time to deal with that lag. Furthermore, we will take some time to
create internal documents (including documents for audit) after their
answer.
We need to discuss the change to major customers after the above
adjustment. As mentioned above, 3.2.2.4.1 and .5 are methods that have
been used for many years, and it is conceivable that the business flows
of large customers are also built on these assumptions. Therefore, they
might need some period to review their flows.
Best Regards,
Masaki
On 2018/01/04 4:21, Tim Hollebeek via Public wrote:
Ballot 218: Remove validation methods #1 and #5
Purpose of Ballot: Section 3.2.2.4 says that it “defines the permitted
processes and procedures for validating the Applicant’s ownership or
control of the domain.” Most of the validation methods actually do
validate ownership and control, but two do not, and can be completed
solely based on an applicant’s own assertions.
Since these two validation methods do not meet the objectives of section
3.2.2.4, and are actively being used to avoid validating domain control
or ownership, they should be removed, and the other methods that do
validate domain control or ownership should be used.
The following motion has been proposed by Tim Hollebeek of DigiCert and
endorsed by Ryan Sleevi of Google and Rich Smith of Comodo.
-- MOTION BEGINS –
This ballot modifies the “Baseline Requirements for the Issuance and
Management of Publicly-Trusted Certificates” as follows, based upon
Version 1.5.4:
In Section 3.2.2.4.1, add text at the end: “For certificates issued on
or after March 1, 2018, this method SHALL NOT be used for validation,
and completed validations using this method SHALL NOT be used for the
issuance of certificates.”
In Section 3.2.2.4.5, add text at the end: “For certificates issued on
or after March 1, 2018, this method SHALL NOT be used for validation,
and completed validations using this method SHALL NOT be used for the
issuance of certificates.”
In Section 4.2.1, after the paragraph that begins “After the change to
any validation method”, add the following paragraph: “Validations
completed using methods specified in Section 3.2.2.4.1 or Section
3.2.2.4.5 SHALL NOT be re-used on or after March 1, 2018.”
-- MOTION ENDS –
For the purposes of section 4.2.1, the new text added to 4.2.1 from this
ballot is “specifically provided in a [this] ballot.”
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: 2017-01-03 19:30:00 UTC
End Time: Not Before 2017-01-10 19:30:00 UTC
Vote for approval (7 days)
Start Time: TBD
End Time: TBD
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
--
Masaki SHIMAOKA, Ph.D.
<[email protected]>
+81 422 76 2111 (4131)
SECOM IS Lab.
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
