Eddy Nigg (StartCom Ltd.) wrote re email addresses in EV certificates: > Can somebody else have also a look at this? In case the > claims are correct and email address fields are allowed or required for > EV SSL server certificates and *no* extended key usage is set *and* > validation of the email address does not have to be performed, I suggest > to take this to the CAB forum urgently!
I just looked at the latest EV guidelines, doing a search for various email-related terms (e.g., "email", "e-mail", "RFC 822", "rfc822", etc.) and also reading section C in detail. As far as I can tell, the guidelines do not mention email addresses in any context relating to the content of certificates. There certainly does *not* appear to be any EV-related requirement that email addresses be included in EV certificates. I also looked at real-life examples of EV certificates from several CAs. None included an email address. Where present, the Certificate KeyUsage extension had values of Signing and Key Encipherment, and the Extended Key Usage extension had values of TLS Web Server Authentication and TLS Web Client Authentication. (One certificate also included the Netscape Certificate Type extension with values SSL Client Certificate and SSL Server Certificate.) Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
