On 12/31/2008 08:57 PM, Frank Hecker:
employees, servers, etc. IIRC in a number of these schemes the CA is
responsible for actually issuing the certificates but the validation is
done by the enterprise. (For example, the CA might provide a web-based
interface by which authorized representatives of the enterprise can
submit previously-validated CSRs to the CA, and get back certificates in
return.) In these cases the enterprises are essentially acting as RAs.


And by the same token, the CA could perform the validation of the domain through said web interface. I'd see an exception for whole IP blocks and batch submissions, whereas the IP block ownership and details of the batch submission have been validated by the CA manually beforehand.

The enterprise scenario doesn't present a situation which would justify an exemption from the domain validation requirement. As per the proposal it still would be possible though, with appropriate attestation about the RAs' capabilities and controls in place.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
