SC-XXX: Validation method in TLS Certificates #554
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce two new extensions in Section 7 of the TBRs * Add extensions to 7.1.2.7.6 * Add new section 7.1.2.12 with subsections for the Domain Validation Methods Extension and the IP Address Validation Methods Extension
* Updated how the profile extension definitions refer to the new sections (i.e. removed the notes, added the pointer in the "presence" column) * Removed allowance of putting in multiple validation methods for a single SAN entry * Added extensibility indicator to the namedbitlist and (hopefully) fixed the formatting to follow X.680 07/2002 style
Removing text that is not clear in its interaction with certificate encoding and duplicative of what the ASN.1 encoding describes
The methods that are no longer supported have been removed from the list in 7.1.2.12.1 Method 20 was erroneously missed and has been added to the list in 7.1.2.12.1
|
as I said on issue, onion validation methods in appendix B needs care: I won't tell which way because I'm kinda shy from being a 'intrested party': I feels I'm not worth such name, but not want to create IP problem. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As discussed in #459 and previously in Ballot 226 (circa 2018), there is value in having data available within Certificates indicating what domain and/or IP Address Validation Methods have been used by a CA to verify Subscriber control or ownership of the SAN values included in the Certificate.
Building on the discussion and approach determined in 2018 as most appropriate for conveying this information, this Ballot introduces two new extensions which house the Validation Methods used to issue a Certificate.