Frank Hecker wrote:
One of the things I'm trying to do (with lots of help from Kathleen
Wilson) is to document how the CA evaluation process works, so that CAs
can have a better understanding of what will happen during the process
and what they will be asked to do. A primary product of that effort will
be a "how to apply" guide for CAs. We now have a draft of that guide
available at
https://wiki.mozilla.org/CA:How_to_apply
Please feel free to comment on it, or even to edit it yourself if you'd
like.
Looks good!
One question. In "Information Gathering" 2.4, what are the
ramifications of the two subsections that say:
2.
4. Identify if there are any SSL certs issued under this root
that are only domain-validated (i.e., the Organization attribute is not
verified, only the domain name is
verified).
1.
1. Identify if all SSL certs issued from this root are
organization-validated, meaning that both the domain name referenced in
the certificate is verified to be owned/controlled by the subscriber,
and the value of the Organization attribute is verified to be that
associated with the certificate subscriber.
E.g., having identified these points, what happens then?
(also, please note that the number formatting seems to be in error
there, and I am unsure whether these points are in the same major
section or not?)
iang
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
