Florian, Thank you for bringing this to my attention.
Florian Weimer wrote: > But the EV certificate was issued to "SEB AG", a different legal > entity. (SEB AG, in turn, is part of Skandinaviska Enskilda Banken > AB.) Are you able to outline the exact corporate relationship between these three entities? There are provisions in the guidelines for Parent/Subsidiary relationships, so the exact relationship is important to see if anything improper has occurred. >> "To verify Applicant's registration, or exclusive control, of the domain >> name(s) to be listed in the EV certificate, the CA MUST ..." >> >> So the person who is the Applicant must either be the registrant of, or >> have exclusive control of, the domain name. I can't see how you can read >> it any other way. > > The methods listed there are alternatives, not simultaneous > requirements. They must work with a diverse set of WHOIS conventions, > ownership structures, and internal communication issues at the > applicant. That is true, but irrelevant. The point is that whatever method you choose is employed to verify that the Applicant is the registrant or, or has exclusive control over the domain. > Find someone who is eligible for an EV certificate, ask them to get a > certificate for your domain, They would (should) need to be the domain owner for the duration of the transaction, unless you have a legal parent/subsidiary relationship with them. >>> But is it really true that Mozilla Corporation has exclusive control >>> over the mozilla.org domain, as implied by the addons.mozilla.org EV >>> certificate? Effectively, yes. The Mozilla Foundation effectively outsources its IT services to the Corporation, and so they have exclusive control over the domain name. > This doesn't answer my question. It matters from the EV process point > of view, and I think your records should show which entity actually > owns the domain name. Mozilla Corporation is listed as the registrant owner of mozilla.org in WHOIS. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
