From c2b2f14440df071975a7ced0050e69493a9fbb17 Mon Sep 17 00:00:00 2001 From: Aaron Gable Date: Mon, 13 Jan 2025 09:28:02 -0800 Subject: [PATCH 1/2] Describe our remote VAs in Section 3.2.2 Fixes https://github.com/letsencrypt/cp-cps/issues/234 --- CP-CPS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CP-CPS.md b/CP-CPS.md index bc41d25..5c4bc5f 100644 --- a/CP-CPS.md +++ b/CP-CPS.md @@ -230,6 +230,8 @@ Prior to issuance of a Subscriber Certificate, ISRG uses at least one of the fol Validation for Wildcard Domain Names is only performed using the DNS Change method. +All validations and CAA checks performed by our Primary Network Perspectives are corroborated by multiple Remote Network Perspectives located in at least two distinct Regional Internet Registries. Each Remote Network Perspective has an independent DNS resolver and cache. + All validations are performed in compliance with the current CAB Forum Baseline Requirements at the time of validation. ### 3.2.3 Authentication of individual identity From 706850fcb74548e976c37a6404a4ed920306bf03 Mon Sep 17 00:00:00 2001 From: Aaron Gable Date: Mon, 13 Jan 2025 13:21:41 -0800 Subject: [PATCH 2/2] Update CP-CPS.md --- CP-CPS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CP-CPS.md b/CP-CPS.md index 5c4bc5f..131f89f 100644 --- a/CP-CPS.md +++ b/CP-CPS.md 
@@ -230,7 +230,7 @@ Prior to issuance of a Subscriber Certificate, ISRG uses at least one of the fol Validation for Wildcard Domain Names is only performed using the DNS Change method. -All validations and CAA checks performed by our Primary Network Perspectives are corroborated by multiple Remote Network Perspectives located in at least two distinct Regional Internet Registries. Each Remote Network Perspective has an independent DNS resolver and cache. +All successful validations and CAA checks performed by our Primary Network Perspectives are corroborated by multiple Remote Network Perspectives located in at least two distinct Regional Internet Registries. Each Remote Network Perspective has an independent DNS resolver and cache. All validations are performed in compliance with the current CAB Forum Baseline Requirements at the time of validation.
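Review bot: In the paragraph added to section 3.2.2 by PATCH 1/2, "Primary Network Perspectives" and "Remote Network Perspectives" are capitalized like defined terms, but the change is two inserted lines in this one hunk and adds no definition. If CP-CPS.md does not already define them, add entries to its definitions section, or state that they carry the meaning given in the CAB Forum Baseline Requirements that the following context line cites. The phrase "located in at least two distinct Regional Internet Registries" also reads as if the perspectives sit inside the registries themselves; "located in the service regions of at least two distinct Regional Internet Registries" would say what is meant.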
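Review bot: In the replacement line of PATCH 2/2, "corroborated by multiple Remote Network Perspectives" leaves the corroboration threshold unstated: the sentence gives no minimum number of remote perspectives and does not say how many may fail to corroborate before issuance is refused. Now that the scope is narrowed to "All successful validations and CAA checks", this sentence is the only description of the check, so either state the minimum count and quorum here or say that they follow the CAB Forum Baseline Requirements in force at the time of validation. The subject line "Update CP-CPS.md" does not say what changed; a subject naming the narrowing to successful validations would make the history easier to audit.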