20-02-18, Domain validation rules for issuing SSL certificates have been adjusted
A few days ago, the CA / B Forum, the industry regulator of SSL certificates, accepted by a majority vote proposal Ballot 218 associated with the removal of a several domain validation methods.
The major changes are related to section 22.214.171.124 of the main document "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates". This section contains the permitted processes and procedures for verifying the domain ownership rights for the applicant.
According to Tim Hollebeek from DigiCert, this section needs to be reworked, as it contains methods that do not meet the objectives of Section 126.96.36.199.
What changes were made to the document
- Contact information about the domain owner can be obtained directly from the domain name registrar, which was described in paragraph 1.6.1.
- From 1 August 2018, domain contact information should not be used to verify the applicant, and successful verification of contacts cannot serve as a reason for issuing certificates. A new section, 188.8.131.52.12, is introducing the idea of permitting to use contact domain data to verify the applicant, but only if the certification authority is a domain name registrar or a partner of the base domain name registrar.
- From 1 August 2018, the Domain Authorisation Document should not be used to verify the applicant, and a successful verification of this document cannot serve as a reason for issuing certificates.
- Removed section 184.108.40.206.11, describing alternative methods for domain verification.
The rest of the domain validation rules remain unchanged.
Subscribe to our newsletters to keep informed of developments related to SSL!