Florian Weimer wrote: > Organizations not on this list can usually get an EV certificate > through a corporate sponsor. The EV process does not verify that the > party to which the certificate is issued is the actual end user, or > that it is the legal entity which controls the domain name mentioned > in the Common Name field.
That's simply incorrect. EV Guidelines version 1.1, sections 3.a.2.C, 6.a.2, 13.a.2 and, primarily, section 18 all refer to the requirement to check that the applicant is the registered holder of the domain name. http://www.cabforum.org/EV_Certificate_Guidelines_V11.pdf Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
