Re: SECOM Request for EV Treatment

Tue, 01 Dec 2015 09:34:42 -0800 

On 11/24/15 4:24 PM, Kathleen Wilson wrote:

On 11/19/15 11:00 PM, h-k...@secom.co.jp wrote:


Dear Kathleen-san,

The updated CP for detailed descrition(the certificate subscriber
owns/controls) about domain verification for the section 3.2.7 is
attached on bugzilla.
https://bugzilla.mozilla.org/attachment.cgi?id=8689921
Email address verification does not apply to this EV SSL CP/CPS.

The corresponding section were made comprehensible by blue characters.

Thank you for your consideration.




Thank you, Kamo-san.

All,

As requested, the CP has been updated to reflect what SECOM does in
regards to domain name validation. Note that this information was
already available on the SECOM website, but we asked that it also be
added to their CP.

Here is the text that was added to the CP:
~~
The authentication method is as follows:
1. Using the WHOIS registry service, SECOM Trust System verifies that
the relevant subscriber owns the domain to which the Certificate pertains.
2. Should the owner of the domain be different from the subscriber,
SECOM Trust Systems authenticates the domain by having the domain owner
submit to SECOM Trust Systems a document granting subscriber the
permission to use the domain or by sending a verification e-mail to the
e-mail address of the domain owner registered in the WHOIS registry
service.
~~

If everyone is OK with this, then I will proceed with recommending
approval of this request to enable EV treatment for the "Security
Communication RootCA2" root certificate.

I will also track an action item to ensure that SECOM adds the updates
in the translated version of their CP back to the original CP.

Kathleen





Thanks again to everyone who reviewed and commented on this request from 
SECOM to enable EV treatment for the "Security Communication RootCA2" 
root certificate.



I am now re-closing this discussion and will recommend approval in the 
bug. In parallel, I will also track the action item for SECOM to update 
their original CP according to the changes they drafted in the English 
version.


https://bugzilla.mozilla.org/show_bug.cgi?id=1096205

Any further follow-up on this request should be added directly to the bug.

Thanks,
Kathleen

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy























					Reply via email to