>> 4. It isn't clear how a CA would go about securely verifying that a >> mail hosting provider like GMail is authorized by a domain name owner >> (e.g. example.com) to request and use a certificate with a srvName for >> the domain name (e.g. GMail asking for an _imap.example.com >> certificate).
> The the CA's job, the certificate would be obtained by the customer and > provisioned by the customer via a customer admin portal. I think what's being asked is how would the CA do the verification before issuing the cert? >> In practice, traditionally standardizing such practices is done in the >> CABForum. If CABForum is inappropriate here, then how will such >> issuing practices be standardized? > CAs should never issue certificates for a domain to a third party. > So there's nothing to standardize. We do it all the time. You outsource your web site to a hosting company, and the hosting company applies for and gets the cert on your behalf. -Rick _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
