Johansson Olle E wrote:
15 aug 2008 kl. 18.00 skrev Peter Saint-Andre:Johansson Olle E wrote:15 aug 2008 kl. 17.36 skrev Peter Saint-Andre:It's the same as for Geotrust's SSL certificates. In order to confirm your domain, they want you to prove that you are in control of the mail flow. That's why they only have a short list of pre-defined mail addresses to choose from. For Geotrust, it's webmaster and sslmaster. Could propably add "xmppmaster" as well, but that's something that we only can suggest from the community side.David Horwitz wrote:Hi All,I just was looking at registering our service at www.xmpp.net Is there any reason why [EMAIL PROTECTED] is not a valid verification address? Being a large university all the other addresses are handled by other departments....Yes, I know. That policy is set by the root CA we use (StartCom) and we don't have any control over it, since we're just an intermediate CA.For StartCom it's hostmaster, postmaster, and webmaster, in accordance with RFC 2142. RFC 3920 mentions the xmpp@ address, but that it not accepted by StartCom as an official email address. I suppose I could work with them on that. :)Well, as you have nothing to do, that could be an interesting way to spend your time. An alternative could be running against the well a few times. I don't know what gives more result, but trying to talk with a commercial CA is certainly an interesting experience to tell your grand-kids about one evening in front of the fireplace... Good luck!
Well we work directly with StartCom and they are very easy to deal with (maybe it helps that the XSF pays them money), but I think that adding a new verification address would require changes to their policy documents and they might not want to do that for auditing purposes.
In any case, in my experience only a small percentage of admins are bothered by this policy (mostly at universities), and the solution is more of a PITA than an impossible hurdle (make nice to the postmaster).
The bigger problem I've found is that many important TLDs don't offer a native whois service, and that's also required by StartCom. More here:
https://www.xmpp.net/news/2007/02/05/got-whois /psa
smime.p7s
Description: S/MIME Cryptographic Signature
