I added a paragraph about this to the Recommended Practices wiki page...
https://wiki.mozilla.org/CA:Recommended_Practices#Verifying_Domain_Name_Ownership
==
It is not sufficient to simply reference section 11 of the CA/Brower
Forum's Baseline Requirements (BR). BR #11.1.1 lists several ways in
which the CA may confirm that the certificate subscriber owns/controls
the domain name to be included in the certificate. Simply referencing
section 11 of the BRs does not specify which of those options the CA
uses, and is insufficient for describing how the CA conforms to the BRs.
BR #8.2.1 says: "The CA SHALL develop, implement, enforce, and annually
update a Certificate Policy and/or Certification Practice Statement that
describes in detail how the CA implements the latest version of these
Requirements."
==
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy