On Wed, Apr 11, 2018, at 14:48, Matthew Hardeman via dev-security-policy wrote:
> Additionally, I think it's fair to say that I'm aghast that another CA
> (who by their inclusion in the Mozilla root program has agreed to stay
> abreast of developments on this list) has issued for the exact same
> entity and name that already led to significant controversy covered on
> this list less than a year ago.
This is a real legal entity, which almost certainly went through proper EV
validation. Everything appears to be in order.
> I believe that speaks to inattention to the list or failure to
> incorporate lessons learned from controversies on this list into
> issuance and/or validation practice.
I strongly disagree. Everything is operating correctly. Corporate entity names
are not unique, which is why EV is not useful. There were no lessons to be
learned from the previous thread other than the fact that EV does not provide
any useful guarantees to Mozilla's users.
dev-security-policy mailing list