OK, let's dive into the CPS dissection game...

On Tue, Jul 29, 2014 at 03:26:08PM -0700, Kathleen Wilson wrote:
> ** CPS section 3.2.2.3, Extended Validation Certificates (SSL and
> Code Signing): For Extended Validation Certificates, the EV
> Guidelines are followed.

I'm new to this, so perhaps the answer is "yes, of course it is", but is that a sufficient description of how EV certs are validated? The EV guidelines contain wording such as "Acceptable methods [...] include", which suggests to me that other methods *could* be used. What are the methods that are used by this CA for issuance of certificates under this root?

At the very least, I think there needs to be a better description of *which* EV guidelines are being followed. "Guidelines for the Issuance and Management of Extended Validation Certificates, version 1.4.9 or later, as published by the CA/Browser Forum" would be a far less ambiguous description.

> ** CPS section 3.2.3.1, Class 1 (Personal Sign 1 & PersonalSign 1
> Demo Certificates): The Applicant is required to demonstrate control
> of the email address to which the Certificate relates.

How is this done?

- Matt