The BRs forbid delegation of domain and IP address validation to third parties. However, the BRs don't forbid delegation of email address validation nor do they apply to S/MIME certificates.
Delegation of email address validation is already addressed by Mozilla's Forbidden Practices [1] state: "Domain and Email validation are core requirements of the Mozilla's Root Store Policy and should always be incorporated into the issuing CA's procedures. Delegating this function to 3rd parties is not permitted." I propose that we move this statement (changing "the Mozilla's Root Store Policy" to "this policy") into policy section 2.2 "Validation Practices". This is https://github.com/mozilla/pkipolicy/issues/175 I will appreciate everyone's input on this proposal. - Wayne [1] https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices#Delegation_of_Domain_.2F_Email_Validation_to_Third_Parties _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy