Does anyone recall offhand why section 7.1.5 doesn't also refer to section 3.2.2.1?
Section 7.1.5 says, "The CA SHALL confirm that the Applicant has registered the FQDN contained in the rfc822Name or has authorized by the domain registrant to act on the registrant’s behalf in line with the verification practices of Section 3.2.2.3." Section 3.2.2.3 is "Validating applicant as operator of associated mail server(s)", and section 3.2.2.1 is "Validating authority over mailbox via domain." Was there a concern that 3.2.2.1 was too broad and that validation had to be done pursuant to section 3.2.2.3? And what about section 3.2.2.2 (validating control over mailbox via email). Thanks, Ben
_______________________________________________ Smcwg-public mailing list Smcwg-public@cabforum.org https://lists.cabforum.org/mailman/listinfo/smcwg-public