On Wed, Apr 19, 2017 at 10:41:33PM +0000, Peter Gutmann via dev-security-policy 
> Kurt Roeckx via dev-security-policy <dev-security-policy@lists.mozilla.org> 
> writes:
> >Both the localityName and stateOrProvinceName are Almere, while the province 
> >is Flevoland.
> How much checking is a CA expected to do here?  I know that OV and DV certs 
> are just "someone at this site responded to email" or whatever, but for an 
> EV cert how much further does the CA actually have to go?

For the EV cert we got we got a phone call asking if she could
speak to someone else to confirm that he works there.

That also wasn't what I expected. I expected that they would at
least check that he has the authority to do so, like asking the

(It was a code sign certificate, but I expect if it's labeled EV
that the same things apply.)


dev-security-policy mailing list

Reply via email to