Open srdavidson opened 3 years ago
The use of MX records should also be considered for email Domain Authorization.
MX records method added as Section 3.2.2.3.
The existing MX record method presumes that a service provider indicated in an MX record will be the Applicant across the board. An additional method using MX records has been proposed that allows the email domain holder to indicate a scope of email addresses for which the service provider is allowed to request certificates (i.e., to exert some constraints on the service provider). This will be more fully described for inclusion in a future version of the SBR.
In addition to the methods from the TLS BR for Domain Authorization, as well as Mailbox control using email, the following additional methods might be considered for Section 3.2.2.2:
Extensions to Automatic Certificate Management Environment for end-user S/MIME certificates
Automated Certificate Management Environment (ACME) Extension for Single Sign On Challenges