Frank Hecker:
I agree that it would be a good thing if Entrust (or any CA, for that matter) used technical means (like sending email to postmaster or whatever) to verify domain name ownership for non-EV SSL certs, in addition to whatever other procedures are used. However, based on what the policy says and how we've interpreted it in the past, I can't justify rejecting or delaying Entrust's request based on this particular issue.
Yes, I think they have by their answers proved compliance to the policy. Accepting faxes is really a matter of taste and somewhat backward.
Of course, merely sending an email to postmaster isn't the holy grail either, and this can be improved by highly limiting the time-frame such a verification would be valid, additional lookup of the WHOIS records, checking of the purchase date of the domain, etc. All this can/should be part of the domain validation when performed through electronic and automated means.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto