On 18/05/17 23:40, Nick Lamb wrote: > Mmmm. I believe only 3.2.2.4 is acceptable to Mozilla, am I wrong > here? Judging from self-assessment document, TrustCor's actual > practices are all intended to be 3.2.2.4 compliant (I will examine in > more detail later) but the language here suggests it might be > possible for applicants to successfully validate for DV by some other > means not listed in 3.2.2.4, which (again unless I'm mistaken) > Mozilla considers always to be mis-issuance.
As of 21st July 2017, yes :-) The language should be clear that only 3.2.2.4-conforming methods are allowed, and each documented method should say which subsection of 3.2.2.4 it is complying with. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy