I posted this tonight: https://bugzilla.mozilla.org/show_bug.cgi?id=1576013. It's sort of an extension of the "some-state" issue, but with the incorporation information of an EV cert. The tl;dr of the bug is that sometimes the information isn't perfect because of user entry issues.
What I was hoping to do is have the system automatically populate the jurisdiction information based on the incorporation information. For example, if you use the Delaware secretary of state as the source, then the system should auto-populate Delaware as the State and US as the jurisdiction. And it does...with some. However, you do have jurisdictions like Germany that consolidate incorporation information to www.handelsregister.de so you can't actually tell which area is the incorporation jurisdiction until you do a search. Thus, the fields to allow some user input. That user input is what hurts. In the end, we're implementing an address check that verifies the locality/state/country combination.

The more interesting part (in my opinion) is how to find and address these certs. Right now, every time we have an issue or whenever a guideline changes we write a lot of code, pull a lot of certs, and spend a lot of time reviewing. Instead of doing this every time, we're going to develop a tool that will run automatically every time we change a validation rule to find everything else that will fail the new update rules. In essence, building unit tests on the data. What I like about this approach is it ends up building a system that lets us see how all the rule changes interplay since sometimes they may intercept in weird ways. It'll also let us more easily measure impact of changes on the system.

Anyway, I like the idea. Thought I'd share it here to get feedback and suggestions for improvement. Still in spec phase, but I can share more info as it gets developed. Thanks for listening.
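
The "unit tests on the data" idea from the message above, as an added example that is not part of the original post or the tool it describes: each validation rule is a function, and a rule change is evaluated by re-running the old and new rule sets over the issued-certificate corpus. The record fields, rule functions, gazetteer and sample certificates are all constructed for illustration.

```python
# Added example: data, field names and rules are constructed. None = registry does not fix it.
REGISTRY_JURISDICTION = {
    "Delaware Secretary of State": {"j_country": "US", "j_state": "Delaware"},
    "www.handelsregister.de": {"j_country": "DE", "j_state": None},
}
# Tiny constructed gazetteer of valid (locality, state, country) combinations.
KNOWN_PLACES = {("Wilmington", "Delaware", "US"), ("Lehi", "Utah", "US"),
                ("Berlin", "Berlin", "DE")}

def rule_registry_matches_jurisdiction(cert):
    implied = REGISTRY_JURISDICTION.get(cert["registry"])
    if implied is None:
        return "unknown registry"
    for field, expected in implied.items():
        if expected is not None and cert[field] != expected:
            return f"{field}={cert[field]!r}, registry implies {expected!r}"
    return None

def rule_address_combination(cert):
    combo = (cert["locality"], cert["state"], cert["country"])
    return None if combo in KNOWN_PLACES else f"unverified address {combo}"

def failures(corpus, rules):
    """Return {serial: [messages]} for every cert failing at least one rule."""
    out = {}
    for cert in corpus:
        msgs = [m for m in (rule(cert) for rule in rules) if m]
        if msgs:
            out[cert["serial"]] = msgs
    return out

def newly_failing(corpus, old_rules, new_rules):
    """Certs that passed the old rule set but fail the new one."""
    before = failures(corpus, old_rules)
    return {s: m for s, m in failures(corpus, new_rules).items() if s not in before}

CORPUS = [  # constructed sample records
    {"serial": "01", "registry": "Delaware Secretary of State", "j_country": "US",
     "j_state": "Delaware", "locality": "Wilmington", "state": "Delaware", "country": "US"},
    {"serial": "02", "registry": "Delaware Secretary of State", "j_country": "US",
     "j_state": "Utah", "locality": "Lehi", "state": "Utah", "country": "US"},
    {"serial": "03", "registry": "www.handelsregister.de", "j_country": "DE",
     "j_state": "Berlin", "locality": "Berlin", "state": "Some-State", "country": "DE"},
]

OLD_RULES = [rule_registry_matches_jurisdiction]
NEW_RULES = OLD_RULES + [rule_address_combination]
if __name__ == "__main__":
    print(newly_failing(CORPUS, OLD_RULES, NEW_RULES))
```

Separating "already failing" from "newly failing" is what gives the impact measurement for a single rule change.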

