Thanks! The reason I asked -- I'm finalizing the Mozilla Root Store Policy
v. 2.9, and I'm thinking of referencing "3.2.2" as a way to broadly cover
the validation of information that might go in a name-constrained sub CA.
Thanks again,
Ben
On Tue, Aug 8, 2023 at 2:17 PM Stephen Davidson <
Hi Ben:
The reference to Section 3.2.2.3 goes with the "or has been authorized by the
domain registrant to act on the registrant's behalf" part only. The typical
verification of the domain under active control of the registrant would be done
via Section 3.2.2.1.
A possible clarification
Does anyone recall offhand why section 7.1.5 doesn't also refer to section
3.2.2.1?
Section 7.1.5 says, "The CA SHALL confirm that the Applicant has registered
the FQDN contained in the rfc822Name or has authorized by the domain
registrant to act on the registrant’s behalf in line with the
