On 21/08/2018 16:54, Tim Hollebeek wrote:
There are lots of useful ways to publish unverified and potentially inaccurate information.
Putting that information into a certificate signed by a public Certificate Authority is not one of them.
By the way, OUs need to be accurate as well, not just "partially verified", so you might want to look into that part of your processes as well.
Just curious, what validation procedure would apply to legitimate OU values like:
"HQ" or "Datacenter 3" or "Sales"
And which ones would apply to uniqueness OUs like:
"2019-Apr" indicating this is the certificate requested in April 2019, not the otherwise identical certificates requested in February 2019 and June 2019?
BR 7.1.4.2: "By issuing the Certificate, the CA represents that it followed the procedure set forth in its Certificate Policy and/or Certification Practice Statement to verify that, as of the Certificate's issuance date, all of the Subject Information was accurate."
-Tim
-----Original Message-----
From: dev-security-policy <[email protected]> On Behalf Of pekka.lahtiharju--- via dev-security-policy
Sent: Tuesday, August 21, 2018 10:45 AM
To: [email protected]
Subject: Re: Telia CA - problem in E validation
I believe it has been useful to our users even though it was only partially verified like OU. Now that it no longer exists, it certainly won't provide any help to anybody.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded