On Wed, Jan 11, 2017 at 10:06 AM, Nick Lamb <tialara...@gmail.com> wrote:
> Why go to the bother of setting up a web server on say, smtp.example.com, 
> only to get yourself a certificate, and then turn off the web server and use 
> the certificate for SMTP? It's not impossible, but it would be very much the 
> exception.

Because you're not required to setup the webserver for
smtp.example.com. It's sufficient to setup the webserver for
example.com to authorize the name, by creatively interpreting the
Method 7 (prior to Ballot 169) and applying the logic from Method 4 to
suggest it's OK to prune the domain (despite Method 6 not allowing

I'm not saying they'd be right in arguing so, but they wouldn't be the
only CA who applied such an interpretation.
dev-security-policy mailing list

Reply via email to