The CA/Browser Forum, driven by Chrome Root Program advocacy, is phasing out 11 legacy Domain Control Validation (DCV) methods for HTTPS certificates. Ballots SC-080, SC-090, and SC-091 will sunset weaker verification approaches that rely on email, fax, SMS, phone calls, WHOIS lookups, and postal mail. These methods have known vulnerabilities and will be replaced by automated, cryptographically verifiable challenge-response mechanisms like ACME-based DNS TXT record validation. The transition is phased, with full deprecation by March 2028, and aims to reduce fraudulent certificate issuance risk across the entire web ecosystem.
Sort: