I do not think specifying a version number is required.  All CAs issuing EV 
certs (or SSL) are required to abide by the latest version of the guidelines 
and attest to that fact in their CPS using the prescribed CAB Forum language: 

"[Name of CA] conforms to the current version of the CA/Browser Forum 
Guidelines for Issuance and Management of Extended Validation Certificates 
published at http://www.cabforum.org. In the event of any inconsistency between 
this document and those Guidelines, those Guidelines take precedence over this 
document."

Therefore, it's always the latest version, as adopted.

Jeremy

-----Original Message-----
From: dev-security-policy 
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org]
 On Behalf Of Matt Palmer
Sent: Tuesday, July 29, 2014 6:39 PM
To: dev-security-policy@lists.mozilla.org
Subject: Re: GlobalSign Request to Include ECC Roots

OK, let's dive into the CPS dissection game...

On Tue, Jul 29, 2014 at 03:26:08PM -0700, Kathleen Wilson wrote:
> ** CPS section 3.2.2.3, Extended Validation Certificates (SSL and Code 
> Signing): For Extended Validation Certificates, the EV Guidelines are 
> followed.

I'm new to this, so perhaps the answer is "yes, of course it is", but is that a 
sufficient description of how EV certs are validated?  The EV guidelines 
contain wording such as "Acceptable methods [...] include", which suggests to 
me that other methods *could* be used.  What are the methods that are used by 
this CA for issuance of certificates under this root?

At the very least, I think there needs to be a better description of *which* EV 
guidelines are being followed.  "Guidelines for the Issuance and Management of 
Extended Validation Certificates, version 1.4.9 or later, as published by the 
CA/Browser Forum" would be a far less ambiguous description.

> ** CPS section 3.2.3.1, Class 1 (Personal Sign 1 & PersonalSign 1 Demo 
> Certificates): The Applicant is required to demonstrate control of the 
> email address to which the Certificate relates.

How is this done?

- Matt

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy