Ballot SC-070: Clarify the use of DTPs for domain control validation … #488
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…475) * Clarify the use of third-party DNS recursive resolvers Add a sentence to BRs Section 3.2.2.4 clarifying that the use of DNS recursive resolvers which are operated outside the CAs audit scope qualifies as use of a Delegated Third Party, which is forbidden for domain control validation. * Include clarifications for Domain Contact and IP Address Contact These are clarifications that the CA must obtain information to be used in the Domain Validation process directly from Domain Name Registrars or IP Address Registration Authorities. CAs must not use third-party services outside their audit scope. * Add the same DNS clarification to 3.2.2.5 * Simplify references to Domain Contact * Consolidate new text into 3.2.2, and cover 3.2.2.8 CAA * Add effective date for CAA * Improve effective date table * Improve 1.3.2 effective date --------- Co-authored-by: Dimitris Zacharopoulos <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…(#475)
Add a sentence to BRs Section 3.2.2.4 clarifying that the use of DNS recursive resolvers which are operated outside the CAs audit scope qualifies as use of a Delegated Third Party, which is forbidden for domain control validation.
These are clarifications that the CA must obtain information to be used in the Domain Validation process directly from Domain Name Registrars or IP Address Registration Authorities. CAs must not use third-party services outside their audit scope.
Add the same DNS clarification to 3.2.2.5
Simplify references to Domain Contact
Consolidate new text into 3.2.2, and cover 3.2.2.8 CAA
Add effective date for CAA
Improve effective date table
Improve 1.3.2 effective date