*Some cas. I don’t think the 18 month requirement is a universal position and may not even be a majority view. I think there’s other ideas that are better and add more value than simply extending the time a company is required to exist to get the cert.
> On May 31, 2018, at 4:40 PM, Wayne Thayer via dev-security-policy > <[email protected]> wrote: > > On Thu, May 31, 2018 at 8:39 PM James Burton via dev-security-policy < > [email protected]> wrote: > >> >> This is wrong and should be changed to allow all types of legally >> incorporated company names to get certificates. I understand this >> doesn't fit any of the standard company name profiles you've seen but this >> company name can be used in practice and I can think of many business >> types that would love this type of name. >> >> In my opinion, this is just a rehash of the same debate we've been having > over misleading information in certificates ever since James obtained the > "Identity Verified" EV certificate. The options we have to address this > seem to be: > 1. Accept that some entities, based on somewhat arbitrary rules and > decisions, can't get OV or EV certs > 2. Accept that the organization information in certificates will sometimes > be misleading or at least uninformative > 3. Decide that organization information in certificates is irrelevant and > ignore it, or get rid of it > > We currently have chosen "some parts of all of the above" :-) > > I am most interested in exploring the first option since that is the > direction CAs are headed with the recent proposal to limit EV certificates > to organizations that have existed for more than 18 months [1]. As long as > anyone can obtain a DV certificate, are restrictions on who can obtain an > OV or EV certificate a problem, and if so, why? > > [1] https://cabforum.org/pipermail/validation/2018-May/000882.html > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
