delegated additional domain validation lookup

Skip to first unread message

Seo Suchan

Jul 31, 2023, 9:51:30 AM7/31/23
assume CA do domain validation by itself in parallel, can it ask 3rd
party service to assert if they see the same token and reject order if
3rd party couldn't see it?

wonder if it's delegating part of domain validation or can be considered
like additional checks like if customer paid or not.

for example, for agreed-upon change to website v2, it doesn't hurt to
see if a CA check over a 3rd party monitors to test if they see the same
page as over CA's own network, isn't it?

Corey Bonnell

Jul 31, 2023, 10:05:57 AM7/31/23
to Seo Suchan,
Hi Seo,
A CA must fulfill its obligation to perform domain validation as defined in BR using a Certificate System that is audited under the NCSSRs.
Additional checks would be considered a High Risk check, and there is no
prohibition on the delegation of such High Risk checks. So, I believe such
checking is compliant with the BRs (and MRSP).

You received this message because you are subscribed to the Google Groups
"" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages