> The question and concern about QIIS is extremely reasonable. As discussed in > past CA/Browser Forum activities, some CAs have extended the definition to > treat Google Maps as a QIIS (it is not), as well as third-party WHOIS services > (they’re not; that’s using a DTP).
It's worth noting that the BRs currently say "WHOIS: Information retrieved directly from the Domain Name Registrar or registry operator ..." so I'm not sure using a DTP is actually permitted. Though I don't think we've discussed that point since the language was added. > In the discussions, I proposed a comprehensive set of reforms that would > wholly remedy this issue. Given that the objective of OV and EV certificates > is > nominally to establish a legal identity, and the legal identity is derived > from > State power of recognition, I proposed that only QGIS be recognized for such > information. This wholly resolves differences in interpretation on suitable > QIIS. We agree with this. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy