On Dec 27, 12:27 am, Eddy Nigg <eddy_n...@startcom.org> wrote:
> Patricia, even though I value your suggestion, I believe this is not the
> appropriate time and place to raise them. Please note that you are not
> a certification authority but a reseller.

True. But I assume that ideas from non-CAs can be considered also.

> I would agree with you in case I'd have had to resort to special tools
> and hacking your servers in order to overcome domain validation
> procedures. However in your case there was no validation at all.

You have triggered a glitch in the system - it is fixed and will not
happen again. This thread was however not about any company in
particular.

> Why? So that you can search the database for new customers? Do you
> believe that this would remove the burden to perform domain control
> validation? And why shouldn't I be able to get certificates for my
> domain from multiple certification authorities? Heck, your CA even
> issues certificates multiple times with the same subject line. I guess
> they won't be very happy with your proposal.

The customer should have the freedom to issue a block so that
certificates for a particular domain could require some formalized
validation (e.g. signature from CEO). The block could come with a fee.

> High profile sites should use EV certificates anyway these days.

Yes, most do. But still certificates could be issued for the domain
without the customer knowing it if a fraudulent order is submitted or
similar. It would be easy to implement some kind of block facility.

> Additionally it would require participation of all CAs, something which
> is very unlikely to happen. Otherwise a customer simply searches
> for another CA not participating...

Yes, that is going to be the hard part. My suggestion would be that
Mozilla and others would simply require CAs to do it - it is in
everyone's best interest.


--
kind regards,
Patricia, Certstar ApS
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
