There has been a lot of discussion of which validation methods are acceptable 
and meet the bar for issuance of a certificate, but I've not seen anyone clearly 
state the requirements for issuance. I think it is important we agree on what 
is being certified before we try to fix the validation process any further. 
Without doing so, there is no way to reasonably judge the effectiveness of any 

Section 9.6.1 of the BRs is the closest I could find to spelling out exactly 
what is being certified. Reading that, it looks like the following is true:

The issuer named in the certificate, as of the issuance date, certified that:

1) the Applicant either had the right to use, or had control of, the Domain 
Name(s) and IP address(es) listed in the Certificate’s subject field and 
subjectAltName extension or, in the case of Domain Names, was delegated such 
right or control by someone who had such right to use or control, and

2) the natural person, device, system, unit, or Legal Entity identified in the 
Certificate as the Subject authorized the issuance of the Certificate, and

3) the Subject is either the Applicant or a device under the control and 
operation of the Applicant, and

4) that the natural person or human sponsor who was either the Applicant, 
employed by the Applicant, or an authorized agent who had express authority to 
represent the Applicant was authorized to request the Certificate on behalf of 
the Subject, and

5) the issuer verified the accuracy of all of the information contained in the 
Certificate (with the exception of the subject:organizationalUnitName 
attribute), and

6) the issuer followed procedures to reduce the likelihood that the information 
contained in the Certificate’s subject:organizationalUnitName attribute is 

There may be other things certified, but these six things are required for all 
certificates, as I read the BRs.  Do others agree?  Should this list be longer 
or shorter?


