Mozilla policy section 2.2(2) requires validation of email addresses for
S/MIME certificates, but doesn't require disclosure of these practices as
it does for TLS certificates.

I propose adding the following language from 2.2(3) (TLS) to 2.2(2)
(S/MIME):

The CA's CP/CPS must clearly specify the procedure(s) that the CA employs
to perform this verification.

This is: https://github.com/mozilla/pkipolicy/issues/114

-------

This is a proposed update to Mozilla's root store policy for version
2.6. Please keep discussion in this group rather than on GitHub. Silence
is consent.

Policy 2.5 (current version):
https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy