Confirm, administrator
5,526
edits
Changes
m
→Verifying Domain Name Ownership
Section 7 of the [http://www.mozilla.org/projects/security/certs/policy Mozilla CA Certificate Policy] states: “for a certificate to be used for SSL-enabled servers, the CA takes reasonable measures to verify that the entity submitting the certificate signing request has registered the domain(s) referenced in the certificate or has been authorized by the domain registrant to act on the registrant's behalf"
The CA's public documentation needs to provide sufficient information describing the steps taken by the CA to confirm that the certificate subscriber owns/controls the domain name to be included in the certificate. For instance, if a challenge-response type of procedure is used, than then there needs to be a brief description of the process. If public resources are used, then there should be a description of which public resources are used, what data is retrieved from public resources, and how that data is used to verify that the certificate subscriber owns/controls the domain name.
[http://en.wikipedia.org/wiki/WHOIS WHOIS] is used by some CAs as a source of information for checking
