Discussion period begins: SC094v2: DNSSEC exception in email DCV methods

76 views
Skip to first unread message

Dimitris Zacharopoulos (HARICA)

unread,
Dec 19, 2025, 8:07:40 AM12/19/25
to CA/B Forum Server Certificate WG Public Discussion List

Summary: 

After discussions around DNSSEC enforcement [1] [2] [3] for all Domain Validation methods, and with the WG's decision that the e-mail Domain Validation methods are scheduled to be deprecated (SC090), in order to reduce complexity and confusion around the way to enforce DNSSEC checks on the various email service agents, an exception to the DNSSEC enforcement is proposed for those methods. 

This version (2) fixes an inconsistency issue raised on the SCWG public list.

More information is available in this pull request.

[1]: https://groups.google.com/a/groups.cabforum.org/g/validation/c/zIKy6Qffw3w/m/qYDGYDQLBAAJ 

[2]: https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/g4G7WF6uCHo/m/gX2Ek4S-BAAJ

[3]: https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/226_yZ8Lp4c/m/9bJhRHGpAAAJ 

The following motion has been proposed by Dimitris Zacharopoulos (HARICA) and endorsed by Roman Fischer (SwissSign) and Adriano Santoni (Actalis).

--- Motion Begins ---

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates” (“Baseline Requirements”), based on Version 2.1.9.


MODIFY the Baseline Requirements as specified in the following Redline: https://github.com/cabforum/servercert/compare/a9f40a597e45605e499bc73a64aaa1d607bd5b0a.


--- Motion Ends ---

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

  • Start time: 2025-12-19 13:00:00 UTC
  • End time: on or after 2025-12-26 13:00:00 UTC

Vote for approval (7 days)

  • Start time: TBD
  • End time: TBD

I plan to leave the discussion period open until January 8, 2026.

Dimitris Zacharopoulos (HARICA)

unread,
Jan 6, 2026, 12:39:45 PM (2 days ago) Jan 6
to server...@groups.cabforum.org
Dear Members, Happy 2026!

Based on the feedback received so far, including Henry's [4], I plan to start the voting period on Thursday, January 8, around 16:00 UTC. If some Members need more time to review please let me know.


Best regards,
Dimitris.

[4]: https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/tuCF_14OGoM/m/ebRwObtADAAJ
--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/0667596d-5372-434d-8867-e3b31c471843%40harica.gr.

Reply all
Reply to author
Forward
0 new messages