Frank Hecker wrote: > * For email certs the requirement should be something like "the CA must > take reasonable measures to verify that the entity controls the email > account associated with the certificate" and "CA must not knowingly > issue certs to entities who do not control the associated accounts". > (Again, we'll skip for now the issues of agents and what is "reasonable".)
Agents is a big one for email certificates, especially with things like staff ID badges that are PKI cards as well, in this instance the domain owner also becomes a sort of mini RA I guess... At least this is how we're currently dealing with it... -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
