> I would presume that the CABforum would be the place to explore further > details, but it seems that the specifications for the #10 method should be > reexamined as to what assurances they actually provide with a view to > revising those specifications. At least 1 CA so far has found that the > real world experience of a (presumably) compliant application of method #10 > as it exists today was deficient in mitigating the provision of > certificates to incorrect/unauthorized parties.
I agree CABFORUM seems to be the right place to get this text clarified. More concretely I have recently re-reviewed the validation methods and in general, think they most need fairly significant clarification. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
