Hi Everyone,


One of my goals at DigiCert is provide greater transparency. One of the ideas 
I’ve kicked around is community-drive EV or EV transparency.  To start that 
off, I thought I’d share the sources we use verification of the jurisdiction of 
incorporation/registration here. This list is available here 
https://www.digicert.com/legal-repository/ (direct: 
https://www.digicert.com/wp-content/uploads/2019/09/DigiCert-Approved-Incorporating-Agencies.xlsx).
  Sharing this was suggested from the community and the digicert leadership 
team thought it was a great idea. Not only does it get community feedback on 
the sources we use (or shouldn’t use), but it may identify sources that other 
CAs could use to do the verification. The idea is we could build a definitive 
master list that the CAB forum could use for verification of EV. This would 
further standardize EV. If we start including a reference to the source, then 
someone could easily verify the accuracy of the information and the identity of 
an organization.  This would solve a major headache I’ve had with EV – you 
can’t see where the JOI information originates.



For reference, section 8.5.2 requires a CA to verify the legal existence of an 
entity through “a filing with (or an act of) the Incorporating or Registration 
Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance 
of a certificate of incorporation, registration number, etc.) or created or 
recognized by a Government Agency (e.g. under a charter, treaty, convention, or 
equivalent recognition instrument)”. This is far broader than an incorporating 
agency, but we use incorporating agencies as the primary source, and we’re 
working to eliminate sources like SEC.   This source list combines information 
from primary and secondary sources (both incorporating and registration 
sources).

 

Sharing this kind of information helps us get to the end-goal of a more 
transparent EV ecosystem and builds a more community-driven EV practice. I’m 
looking forward to your feedback. Also, let me know if this is interesting, and 
what else you’d like to see.



Thanks!



Jeremy

 



_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to