Yes, Reseller and RA are 2 distinct roles.  However, in some cases, a single 
entity may choose (and be approved) to perform both of these roles.

I fully agree that the Reseller role "should not perform any validation 
procedures at all".

On Wednesday 31 December 2008 00:29:17 Eddy Nigg wrote:
> On 12/31/2008 01:27 AM, Frank Hecker:
> > One reason I say this is "good CA practice" as opposed to a mandatory
> > requirement, is because of cases like enterprise PKIs where the
> > enterprises might act as RAs and do verification based on their own
> > internal systems (e.g., HR databases).
>
> I think this is what we want to avoid actually, don't we? Or perhaps we
> could leave it as is, since the Mozilla CA Policy is actually clear in
> relation to validations.
>
> Incidentally I had previously a problem with Microsoft's policy of
> disallowing certain enterprise scenarios, hereby it might make some
> sense. But even then, the proposal would actually call for an
> attestation, whereas the attestation itself hasn't been defined yet. I
> think this is what also Kay proposed.
>
> Now, we must not forget what an RA is, what a reseller is and what an
> enterprise scenario is. RAs are interesting for the verification and
> validation of identity documents in person for example. Or organizations
> for that matter. Since RAs always have to interact with the CA at some
> point, I believe incorporating domain/email validation is more than
> easy. Even in enterprise settings is that possible.
>
> Resellers should not perform any validation procedures at all. They
> should sell certificates and not be involved with any of the technical
> sides of the procedures. Reseller != RA.
>
> As such, I believe that it would be good to improve the Mozilla CA
> Policy and work towards better definitions and requirements. Even if the
> validation aspect is clearly defined and *required*, we might exclude
> certain practices outright. There are of course other points I'd like to
> have improved.



-- 
Rob Stradling
Senior Research & Development Scientist
Comodo - Creating Trust Online
Office Tel: +44.(0)1274.730505
Fax Europe: +44.(0)1274.730909
www.comodo.com

Comodo CA Limited, Registered in England No. 04058690
Registered Office:
  3rd Floor, 26 Office Village, Exchange Quay,
  Trafford Road, Salford, Manchester M5 3EQ

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
