You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to dev-secur...@mozilla.org
assume CA do domain validation by itself in parallel, can it ask 3rd
party service to assert if they see the same token and reject order if
3rd party couldn't see it?
wonder if it's delegating part of domain validation or can be considered
like additional checks like if customer paid or not.
for example, for agreed-upon change to website v2, it doesn't hurt to
see if a CA check over a 3rd party monitors to test if they see the same
page as over CA's own network, isn't it?
Corey Bonnell
unread,
Jul 31, 2023, 10:05:57 AM7/31/23
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Seo Suchan, dev-secur...@mozilla.org
Hi Seo,
A CA must fulfill its obligation to perform domain validation as defined in BR
3.2.2.4 using a Certificate System that is audited under the NCSSRs.
Additional checks would be considered a High Risk check, and there is no
prohibition on the delegation of such High Risk checks. So, I believe such
checking is compliant with the BRs (and MRSP).