Gervase Markham wrote:
Frank Hecker wrote:
 > Gerv, I'll let others give the definitive answer to this, but a number
 > of CAs will issue certificates based solely on verification of a working
 > email address. This is usually done for individual email certificates,
 > but it's possible that some CAs will do this for SSL server certificates
 > as well, at least for "free trial" evaluations and "test" certificates.

[...] But I think issuing any sort of SSL server cert without some sort of audit trail which allows you to track down the person responsible for the server is a bad idea. And if existing CAs are doing it, they should be encouraged to stop.

Major CAs are using separate roots for the test and free trial certificates, and those are not included in Mozilla's root certificate list.


If other CAs are delivering certificates so easily under an approved root, I think it would be a very valid reason to request removal of their root CA cert from the list.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
