Rubens, allow me please to direct your attention to:
https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names
/
Aside: EV certificates are what will be issued for Onion addresses, even
wildcard onion address certificates, for reasons explained on the Ballot.
- alec
On 3/17/15, 5:30 PM, "Rubens Kuhl" <rube...@nic.br> wrote:
>Considering .onion is a non-resolving TLD, how would a CA issue a
>certificate for a .onion name that they can't verify whether the
>requester is the administrator of that service ? DV certificates can use
>lots of mechanisms to verify that, but is one of them feasible for CAs to
>use ?
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
