Commit

BRs 1.7.2
wthayer committed Sep 23, 2020
1 parent 6b870f9 commit 8605661
Showing 2 changed files with 15 additions and 6 deletions.
6 changes: 3 additions & 3 deletions assets/BR.yaml
@@ -1,10 +1,10 @@
---
title: Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates
subtitle: Version 1.7.1
version: "1.7.1"
subtitle: Version 1.7.2
version: "1.7.2"
author:
- CA/Browser Forum
date: 20 August, 2020
date: 22 September, 2020
documentclass: report
titlegraphic: ../assets/cabforum.png
copyright: |
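
Review bot: the version string is edited by hand in both `subtitle` and `version` in this front matter, and again in the bold header lines of docs/BR.md, so one release bump touches four lines that can drift apart. Consider deriving `subtitle` from `version` in the build, or adding a check that fails when the two files disagree on version and date.
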
15 changes: 12 additions & 3 deletions docs/BR.md
Expand Up @@ -7,9 +7,9 @@

**CA/Browser Forum**

**Version 1.7.1**
**Version 1.7.2**

**August 20, 2020**
**September 22, 2020**

**www.cabforum.org**

Expand Down Expand Up @@ -119,6 +119,7 @@ The following Certificate Policy identifiers are reserved for use by CAs as an o
| 1.7.0 | SC29 | Pandoc-Friendly Markdown Formatting Changes | 20-Mar-2020 | 4-May-2020 |
| 1.7.1 | SC30 | Disclosure of Registration / Incorporating Agency | 13-Jul-2020 | 20-Aug-2020 |
| 1.7.1 | SC31 | Browser Alignment | 16-Jul-2020 | 20-Aug-2020 |
| 1.7.2 | SC33 | TLS Using ALPN Method | 14-Aug-2020 | 22-Sept-2020 |


\* Effective Date and Additionally Relevant Compliance Date(s)
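
Review bot: the new SC33 row writes the effective date as "22-Sept-2020", while the neighbouring rows use three-letter month abbreviations ("20-Aug-2020", "13-Jul-2020", "4-May-2020"). Change it to "22-Sep-2020" so the column stays uniform and anything parsing the table sees one date format.
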
Expand Down Expand Up @@ -680,7 +681,7 @@ This method has been retired and MUST NOT be used. Prior validations using this

##### 3.2.2.4.10 TLS Using a Random Number

Confirming the Applicant's control over the FQDN by confirming the presence of a Random Value within a Certificate on the Authorization Domain Name which is accessible by the CA via TLS over an Authorized Port.
This method has been retired and MUST NOT be used. Prior validations using this method and validation data gathered according to this method SHALL NOT be used to issue certificates.

##### 3.2.2.4.11 Any Other Method

Expand Down Expand Up @@ -787,6 +788,14 @@ If the CA follows redirects:

**Note:** Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end with all the labels of the validated FQDN. This method is suitable for validating Wildcard Domain Names.

##### 3.2.2.4.20 TLS Using ALPN

Confirming the Applicant's control over a FQDN by validating domain control of the FQDN by negotiating a new application layer protocol using the TLS Application-Layer Protocol Negotiation (ALPN) Extension [RFC7301] as defined in RFC 8737. The following are additive requirements to RFC 8737.

The token (as defined in RFC 8737, section 3) MUST NOT be used for more than 30 days from its creation. The CPS MAY specify a shorter validity period for the token, in which case the CA MUST follow its CPS.

**Note:** Once the FQDN has been validated using this method, the CA MAY NOT also issue Certificates for other FQDNs that end with all the labels of the validated FQDN unless the CA performs a separate validation for that FQDN using an authorized method. This method is NOT suitable for validating Wildcard Domain Names.

#### 3.2.2.5 Authentication for an IP Address

This section defines the permitted processes and procedures for validating the Applicant’s ownership or control of an IP Address listed in a Certificate.
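
Review bot: "MAY NOT" in the Note of 3.2.2.4.20 is ambiguous, since it can be read as "is permitted not to" as well as "is prohibited from". The sentence is clearly meant as a prohibition on reusing the validation for other FQDNs, so "MUST NOT" or "SHALL NOT", the forms the 3.2.2.4.10 retirement text in this commit already uses, would state it without room for interpretation. Separately, the first paragraph cites one RFC as "[RFC7301]" and the other as "RFC 8737"; pick one citation style.
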