← CABF Ballot Browser
SC-019
passed
Ballot SC019: Phone Contact with DNS CAA Phone Contact v2
Server Certificate Working Group
Key dates
- Voting opened
- 13 May 2019 7 years ago
- Voting closed
- 20 May 2019 7 years ago
- Discussion opened
- 02 May 2019 7 years ago
- Discussion closed
- 09 May 2019 7 years ago
Resources
GitHub diff
https://github.com/dougbeattie/documents/compare/master...dougbeattie:SC18-v1-CAA-Phone-Validation
https://github.com/dougbeattie/documents/compare/master…dougbeattie:SC18-v1-CAA-Phone-Validation
AI Summary
Ballot overview
- Ballot SC019: Phone Contact with DNS CAA Phone Contact v2 proposed changes to the Baseline Requirements for publicly-trusted certificates.
- The ballot’s purpose was to let domain owners publish phone numbers in a DNS CAA record for domain validation.
- The ballot passed.
What the ballot adds
- A new definition for DNS CAA Phone Contact in section 1.6.1.
- A new acronym, ADN, meaning Authorization Doman Name.
- A new validation method in section 3.2.2.4.17, Phone Contact with DNS CAA Phone Contact.
- A new appendix section B.1.2, CAA contactphone Property.
Validation method
- A CA must confirm control of the FQDN by calling the DNS CAA Phone Contact phone number and obtaining a confirming response.
- One phone call may confirm multiple ADNs if the same phone number is listed for each ADN and each ADN gets a confirming response.
- The relevant CAA Resource Record Set must be found using the RFC 6844 Section 4 search algorithm, as amended by Errata 5065.
- The CA must not be transferred or request transfer because the number is specifically listed for domain validation.
- If voicemail is reached, the CA may leave the Random Value and the ADN or ADNs being validated, and the Random Value must be returned to approve the request.
- The Random Value remains valid for no more than 30 days from creation, unless the CPS sets a shorter period.
- After validation, the CA may also issue certificates for other FQDNs that end with all the labels of the validated FQDN, including wildcard domain names.
CAA contactphone property
- The contactphone property takes a phone number as its parameter.
- The parameter must be a valid Global Number under RFC 3966 section 5.1.4.
- Global Numbers must include a leading + and a country code and may include visual separators.
- The property may be critical if the domain owner does not want CAs that do not understand it to issue certificates.
Voting and approval
- Voting by Certificate Issuers: 20 yes, 0 no, 0 abstain.
- Voting by Certificate Consumers: 5 yes, 0 no, 0 abstain.
- The ballot met the bylaw requirements for approval.
- Quorum was met.
Effective date and applicability
- The supplied evidence does not state a normative effective date for this ballot.
- The ballot page shows discussion and voting timing, but no explicit compliance date for implementation.
- Voting opened
- 2019-05-13
- Voting closed
- 2019-05-20
- Discussion opened
- 2019-05-02
- Discussion closed
- 2019-05-09
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Vote result
0
Yes
0
No
0
Abstain
Proposers
Doug Beattie of GlobalSign and endorsed Tim Hollebeek of DigiCert and Bruce Morton from Entrust.
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot SC019: Phone Contact with DNS CAA Phone Contact v2Ballot SC019: Phone Contact with DNS CAA Phone Contact v2The voting period for Ballot SC19 has ended and the Ballot has Passed. Here are the results:
View on cabforum.org →
Last fetched 15 hours ago