(Same Pedro as before...it was another account)
>
> There's nothing that specifies the cert must be issued after the verifying
> control or that issuance can't be part of the verification process. Although
> this seems backwards, I still think it's compliant with the Mozilla policy.
>
Well..
ity-policy@lists.mozilla.org
Subject: Re: s/MIME certs and authentication
On Thu, Dec 13, 2018 at 09:50:21AM -0800, pedro.wisekey--- via
dev-security-policy wrote:
> For S/MIME capability itself, we are required to ensure that "the
> entity submitting the request controls the ema
On Thu, Dec 13, 2018 at 10:53 AM pedro.wisekey--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Maybe we should set clear grounds on what is verified and how, not only in
> the frequency.
>
> I agree and think that creating piecemeal requirements is a bad idea. The
CAB
Maybe we should set clear grounds on what is verified and how, not only in the
frequency.
For S/MIME capability itself, we are required to ensure that "the entity
submitting the request controls the email account associated with the email
address referenced in the certificate", so by merely
On Wednesday, December 12, 2018 at 7:59:46 PM UTC-5, Jeremy Rowley wrote:
> Some systems look like they verify the email address/domain name at issuance
> and then never again for the same account. Other systems verify the email
> address and domain every 825 days. The last set verifies the email
5 matches
Mail list logo