The first item in Mozilla policy is impossible for all CAs related to E verification because there aren't any valid independent sources to check support email addresses. You potentially could validate only domain part of the email address which doesn't cover the requirement that ALL information must be verified from such source. Most persons in this discussion have recommended using challenge-response method in E verification but I'm afraid it is also against Mozilla requirement 2.1step1 because no independent source or similar is involved.
The second item in Mozilla policy is not valid because these SSL certificates are not capable in email messaging. It is clear for SMIME certificates and with them we follow it. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy