On Dec 31 2008, 12:27 am, Frank Hecker <hec...@mozillafoundation.org> wrote: > Eddy Nigg wrote: > > I edited the Problematic Practices page and added > >https://wiki.mozilla.org/CA:Problematic_Practices#Delegation_of_Domai... > > > It might need some improvement. Frank, can you review? This will affect > > obviously only future inclusion requests and is not a resolution to the > > current issue and other CAs which might be affected. > > I'm not totally happy with that language, but I'm supposed to be on > vacation with my family and don't have time to rewrite it right now. > > I will say however that as a general matter I think it is good CA > practice to have standard procedures and associated IT systems for > verifying domain ownership/control and email account ownership/control, > and to have resellers either use the CA's own systems or use CA-approved > equivalents. (For example, reseller A might use the CA's own instances > of such systems, while reseller B might run the same software but on its > own systems.) > > One reason I say this is "good CA practice" as opposed to a mandatory > requirement, is because of cases like enterprise PKIs where the > enterprises might act as RAs and do verification based on their own > internal systems (e.g., HR databases). > > Frank > > -- > Frank Hecker > hec...@mozillafoundation.org
Frank, The Comodo topic has once again sparked a fierce discussion about the validity of certificates, how appropriate levels of security and trust should look like and what to do to establish them. Since we expect this discussion to have "some" impact on the evaluation of requests for Root integration (the current schedule appears not to be valid anymore) we wonder whether you can tell us something about your plans to work on that topic and what does that mean for all pending requests for integration?! Kind regards Wolfgang Pietrus _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
