LS,
I think if e-mail is configured as rfc822Name=email it is something that is included within the altname. More and more you see certificate issuers using this field. Another option is to include the e-mail within the subjectdname: email=. In that case there is nothing stated about validation. Kick ------------------------------------------------------------------------------------- Kick Willemse Product Manager e-mail: [EMAIL PROTECTED] weblog: http://www.papierloos.nl<http://www.papierloos.nl/> DigiNotar B.V. Vondellaan 8 1942LJ Beverwijk telefoon: 0251-268888 Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Eddy Nigg (StartCom Ltd.) Verzonden: dinsdag 29 april 2008 13:46 Aan: mozilla's crypto code discussion list Onderwerp: Re: EV email usage Frank Hecker: The EV guidelines reference RFC 3280 as the guiding document on matters not addressed in the EV guidelines themselves. Section 4.2.1.7 of RFC 3280 allows (and recommends that) email addresses to be included in a certificate using the subjectAltName extension; it also says Because the subject alternative name is considered to be definitively bound to the public key, all parts of the subject alternative name MUST be verified by the CA. Frank, alt name extension(s) might have to be validated (according to the statement above), however the emailAdddress field has nothing to do with it. Typical use of alt name extension are DNS names and other usage, but not email. As it stand right now, nothing in the EV guidelines mandates that email addresses be included in an EV SSL certificate, and nothing in the EV guidelines prohibits email addresses from being included in an EV SSL certificate. No requirements exist concerning validation of email addresses either. -- Regards Signer: Eddy Nigg, StartCom Ltd.<http://www.startcom.org> Jabber: [EMAIL PROTECTED]<xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution!<http://blog.startcom.org> Phone: +1.213.341.0390
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
