I quoted that from the Baseline Requirements but I do not see it defined 

> On Feb 4, 2018, at 1:03 PM, Moudrick M. Dadashov <m...@ssc.lt> wrote:
> Hi Peter,
> Is the "right to use" (in p. 1) defined somewhere?
> Thanks,
> M.D.
> On 2/4/2018 9:19 PM, Peter Bowen via Public wrote:
>> There has been a lot of discussion of which validation methods are 
>> acceptable and meet the bar for issuance of a certificate but I've not seen 
>> anyone clearly state the requirements for issuance. I think it is important 
>> we agree on what is being certified before we try to fix the validation 
>> process any further. Without doing so, there is no way to reasonably judge 
>> the effectiveness of any method.
>> Section 9.6.1 of the BRs is the closest I could find to spelling out exactly 
>> what is being certified. Reading that, it looks like the following is true:
>> The issuer named in the certificate, as of the issuance date, certified that:
>> 1) the Applicant either had the right to use, or had control of, the Domain 
>> Name(s) and IP address(es) listed in the Certificate’s subject field and 
>> subjectAltName extension or, in the case of Domain Names, was delegated such 
>> right or control by someone who had such right to use or control, and
>> 2) the natural person, device, system, unit, or Legal Entity identified in 
>> the Certificate as the Subject authorized the issuance of the Certificate, 
>> and
>> 3) the Subject is either the Applicant or a device under the control and 
>> operation of the Applicant, and
>> 4) that the natural person or human sponsor who was either the Applicant, 
>> employed by the Applicant, or an authorized agent who had express authority 
>> to represent the Applicant was authorized to request the Certificate on 
>> behalf of the Subject, and
>> 5) the issuer verified the accuracy of all of the information contained in 
>> the Certificate (with the exception of the subject:organizationalUnitName 
>> attribute), and
>> 6) the issuer followed procedures to reduce the likelihood that the 
>> information contained in the Certificate’s subject:organizationalUnitName 
>> attribute is misleading
>> There may be other things certified, but these six things are required for 
>> all certificates, as I read the BRs.  Do others agree?  Should this list be 
>> longer or shorter?
>> Thanks,
>> Peter
>> _______________________________________________
>> Public mailing list
>> Public@cabforum.org <mailto:Public@cabforum.org>
>> https://cabforum.org/mailman/listinfo/public 
>> <https://cabforum.org/mailman/listinfo/public>

Public mailing list

Reply via email to