CAs already have rules allowing a Parent, Subsidiary, or Affiliate (all defined
terms) to obtain certs for domains owned by each other - so Alphabet-Google,
for example, can get certs for domains owned by each other. So we would use
the same rules to make certain the registered trademark owner is a Parent,
Subsidiary, or Affiliate of the EV cert Subject - we would use information from
the SEC or other government securities agencies (including public filings),
and/or other third-party data that we have used for the past 10 years to prove
affiliation. Also, remember, we only do trademark registration validation
after we have completed EV validation, so we know who our certificate customer
is. Many companies put their IP assets in an affiliated company for tax
reasons - it should not be difficult to prove affiliation. If we can't prove
it, the logo will not go into the EV cert.
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy