The purpose of this ballot is to add section 3.2.2.4.22 "DNS TXT Record with Persistent Value" as a new domain control validation method in the Baseline Requirements for TLS Server Certificates. This method enables domain owners to establish account-scoped DNS validation records that can be reused across multiple certificate issuances, eliminating the need to update DNS records for each certificate renewal while maintaining equivalent security to existing DNS-based validation methods.
Motion

The following motion has been proposed by Michael Slaughter (Amazon Trust Services) and endorsed by Chris Clements (Google Chrome), Ryan Dickson (Google Chrome), Tim Hollebeek (DigiCert) and Martijn Katerbarg (Sectigo).
You can view and comment on the GitHub pull request representing this ballot here.
Motion Begins

MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based on Version 2.1.7 as specified in the following redline:
Motion Ends

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
Discussion (at least 7 days)