Eddy Nigg (StartCom Ltd.) wrote:
> I've been reading most relevant CP/CPS published at 
> http://repository.swisssign.com/ and currently have a question 
> concerning domain ownership validation (or relevant authorization 
> rights) of the Gold and Silver server certificates issued by SwissSign 
> which would satisfy the Mozilla CA policy requirement outlined in 
> section 7. Maybe I missed it somewhere and somebody (Frank?) already 
> knows the answer and can point me to the relevant section...

Section 3.2.2 of the Gold CPS includes the following:

"/DC= fields will only be accepted if a printout of the WHOIS entry for 
the domain is included. The owner of the domain must approve the 
request with a handwritten personal signature in the appropriate 
position on the registration form and provide information as to his 
identity. The RA will create a high-quality copy or scan of all required 
supporting documentation. SwissSign validates that the person enrolling 
for the certificate has control of the domain by requiring the
person to respond to an e-mail hosted at that domain."

So, as I read it, they determine the ostensible owner of the domain 
based on WHOIS data, then do an identity check to verify that the 
certificate applicant is that person. Plus they do the email check.

If you have further questions please feel free to ask them in the bug; I 
think Melanie Raemy of SwissSign is following the bug traffic but not 
the newsgroup discussion.

Frank

-- 
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
