Forking off to a new thread because it doesn't really need to block Ballot 218, and as Ryan noted, the issue might exist elsewhere.
> > In 3.2.2.4.12, shouldn’t it be Applicant Representative instead of > > Applicant? Applicant is an organization, Applicant Representative is a > > person. > > I think it's correct as Applicant, since the use case we're discussing is the > sort of logical account (e.g. the Applicant is the entity who requests the > certificate, and is also the Domain Registrant). > > I think supporting this would be looking at how 3.2.2.4.3 handles > "Applicant's request" rather than "Applicant Representative's request" - > which I think is the same manifestation of the point you're raising here. > That said, I can also see an argument that both 3.2.2.4.3 and this should be > using "Applicant Representative", because you wouldn't want "just anyone" > from Google to be able to get a certificate. Put differently, if you were to > call Google and ask "Can Google request a certificate for http://google.com";, > the answer is always yes. If your question is "Can Ryan Sleevi request a > certificate for http://google.com";, the answer is ... Maybe ;) > > However, even with that, I think "Applicant" is still the better/correct > answer, and think any risk is mitigated by the "Domain Contact" language > requiring that it not just be "an Employee of Google" but the "Domain Name > Registrant, technical contact, or administrative contract", where Registrant > is similarly scoped as "the person(s) or entity(ies) registered with a Domain > Name Registrar as having the right to control how a Domain Name is used" > > Would you agree? I don't think 12 and 3 are completely parallel cases. In 3, you are calling the Domain Contact on the phone. This is fine because they are the Domain Contact. That person may be neither the Applicant nor the Applicant representative, but they are presumably authoritative about issues of domain control, by virtue of being a Domain Contact. I think this is your point. In 12, you're trying to verify that the Applicant is the Domain Contact. This makes sense in cases where the Applicant is the Domain Name Registrant. I'm struggling to understand what it means to compare the Applicant to the "technical contact" or "administrative contact" listed in WHOIS. Who do I compare the fictional entity [email protected] with Google? Do we really mean "Applicant is the Domain Name Registrant", since unless you're a person, your administrative contact and technical contact will not be the Applicant? But I think we intended to allow the technical contact and administrative contact to be authoritative. So maybe "Applicant is the Domain Name Registrant or the Applicant Representative is the technical contact or administrative contact, as listed in WHOIS" ? Maybe there's no problem here, but there do seem to be cases where #12 is attempting to compare apples and oranges. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
