Additional methods for Domain Authorization or Mailbox Control

[srdavidson]

In addition to the methods from the TLS BR for Domain Authorization, as well as Mailbox control using email, the following additional methods might be considered for Section 3.2.2.2:

• Extensions to Automatic Certificate Management Environment for end-user S/MIME certificates

• Automated Certificate Management Environment (ACME) Extension for Single Sign On Challenges

[srdavidson]

The use of MX records should also be considered for email Domain Authorization.

[srdavidson]

The use of MX records should also be considered for email Domain Authorization.

MX records method added as Section 3.2.2.3.

[srdavidson]

The existing MX record method presumes that a service provider indicated in an MX record will be the Applicant across the board.
An additional method using MX records has been proposed that allows the email domain holder to indicate a scope of email addresses for which the service provider is allowed to request certificates (i.e., to exert some constraints on the service provider). This will be more fully described for inclusion in a future version of the SBR.

[srdavidson]

Initial draft text for discussion is at

srdavidson/smime@c8c05f4...5fed675

[srdavidson]

Updated at srdavidson/smime@cd7c998...8933906.