Would it be reasonable to have some sort of global database where the company names and other identifiers that can be displayed in UI will be stored including some sort of contact data? In the validation process for EV the CA could then be required to contact the companies with similar names (define use of levenshtein distance or other algorithms to find them) and give them time to respond to a new EV certificate request.
With that the companies could at least take some sort of legal actions to prevent malicious use of the EV cert mentioning their company name. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy