Question about the certificate authority

Does this CA validate the identity of the domains owner?

3 Likes

No.
Only "control" is validated [automatically].

See: FAQ - Let's Encrypt (letsencrypt.org)


9 Likes

That is the GIG. Ownership is paramount. Why do you ask?

5 Likes

Ownership is meaningless :man_shrugging: It is all about who controls the public DNS and/or webservers pointed to by the DNS

In addition to the FAQ @rg305 linked there is also this

10 Likes

Clarifying this response a bit:

LetsEncrypt only offers DV (Domain Validation) Certificates.

With DV Certificates "Only 'control' is validated [automatically]", regardless of the CA. No CA will validate the identity of a Domain's owner for a DV Certificate.

The identity of the owner is validated for OV (Organization Validation) and EV (Extended Validation) Certificates. A CA that offers OV or EV Certificates will validate domain owners for those certificates, but will not validate domain owners for DV certificates they offer.

8 Likes

Ok. I get it. Control is paramount. In my world ownership = control. But in the wild (real world) that doesn't exactly line up. I capitulate. ;@)
Thanks Mike.

7 Likes

There may be many individual points of control [various FQDNs].
There should only be one owner [of the domain].

7 Likes

Owners can and do delegate. However there really is only one owner even if he/she shares management of a domain.
IMHO it is a mistake. And it can lead to "loss of control".
Consider a business website. The Business sells and the new "owners" claim control of the assets including the website.
I have experienced it and it has motivated me to post terms/conditions and claim of owership on some domains I own yet "lease" to client businesses.

8 Likes

When someone purchases a domain, their registration details can remain private (Private Registration) and only contact details of the registrar are shown with the dates of creation & expiry, etc.. So no, ownership cannot be validated.

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.