Domain Control Validation-Only Trust Assurance with Secured Infrastructure

This is an Authentication Profile of the IGTF describing the minimum requirements on X.509 PKI authorities issuing certificates for systems and online services identified by their Internet Domain Name, where the domain control vetting is adequate to ensure unique, non-re-assigned certificate subjects, and generated by authorities using secured and trusted infrastructure. Such authorities are not required to collect more data than are necessary for fulfilling the uniqueness requirements, and credentials issued by authorities under this profile may not provide sufficient information to independently trace individual subscribers and should be used in conjunction with complementary identification and vetting processes.

Current version: 1.1 (March 2025)
DCVOTA-Secured-Infra-AP-1.1.pdf
Assurance specification: IGTF AP ELM
Technical specification: PKI Technology Guidelines
Policy Identifier: urn:oid:1.2.840.113612.5.2.2.6
Managed by: TAGPMA
Document revision history: http://www.eugridpma.org/guidelines/DCVOTA/

IGTF Home

About the IGTF

Member PMAs and Registries

Peer Organisations

Member Resources

Comments to info@igtf.net
Website hosted by Nikhef on mestkar,
subject to the Nikhef Privacy Notice
Last updated: June 6, 2025