Frank Hecker:
The EV guidelines reference RFC 3280 as the guiding document on matters
not addressed in the EV guidelines themselves. Section 4.2.1.7 of RFC
3280 allows (and recommends that) email addresses to be included in a
certificate using the subjectAltName extension; it also says
Because the subject alternative name is considered to be definitively
bound to the public key, all parts of the subject alternative name
MUST be verified by the CA.
Frank, alt name extension(s) might have to be validated (according to
the statement above), however the emailAdddress field has nothing to do
with it. Typical use of alt name extension are DNS names and other
usage, but not email.
As it stand right now, nothing in the EV guidelines mandates that email
addresses be included in an EV SSL certificate, and nothing in the EV
guidelines prohibits email addresses from being included in an EV SSL
certificate. No requirements exist concerning validation of email
addresses either.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
