On Thu, May 31, 2018 at 4:18 PM, Peter Saint-Andre via dev-security-policy < [email protected]> wrote: > > > We can also think of many business types (e.g., scammers) that would > love to have names like ⒶⓅⓅⓁⒺ but that doesn't mean it's smart to issue > certificates with such names. The authorities who approve of company > names don't necessarily have certificate handling in mind... >
Indeed. Most of the government offices responsible for approving entity creation are concerned first and foremost with ensuring that a unique name within their jurisdiction is chosen and that a public record of the entity creation exists. They are not concerned with risk management or legitimacy, broadly speaking. Anyone at any level of risk management in the rest of the ecosystem around a business will be concerned with such matters. Banks, trade vendors, etc, tend to reject accounts with names like this. Perhaps CAs should look upon this similarly. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
