Eddy Nigg (StartCom Ltd.) wrote:
> A few things here:
>
> According to the Mozilla CA policy we don't have to verify the IV/OV
> procedures usually, because the policy doesn't require it. However - and
> this is highly important to understand why and where also my experience
> as a CA comes in - it is important when those validations (IV/OV) are
> part of the validation procedure for domain, respectively email
> ownership verification. If ownership and control of a domain (and email)
> is performed by other means, it's not really important.
>
> In this specific case it is important since no other procedure exists.
> That's also the reason why I requested to know more about the procedures
> performed by Entrust and its RAs. In this respect the question of Nelson
> is legitimate because it's not beyond the scope of what Mozilla requires.

I agree that it would be a good thing if Entrust (or any CA, for that matter) used technical means (like sending email to postmaster or whatever) to verify domain name ownership for non-EV SSL certs, in addition to whatever other procedures are used. However based on what the policy says and how we've interpreted it in the past, I can't justify rejecting or delaying Entrust's request based on this particular issue.

Frank

--
Frank Hecker
[EMAIL PROTECTED]