On 11/19/15 11:00 PM, h-k...@secom.co.jp wrote:
Dear Kathleen-san,
The updated CP for detailed descrition(the certificate subscriber
owns/controls) about domain verification for the section 3.2.7 is attached on
bugzilla.
https://bugzilla.mozilla.org/attachment.cgi?id=8689921
Email address verification does not apply to this EV SSL CP/CPS.
The corresponding section were made comprehensible by blue characters.
Thank you for your consideration.
Thank you, Kamo-san.
All,
As requested, the CP has been updated to reflect what SECOM does in
regards to domain name validation. Note that this information was
already available on the SECOM website, but we asked that it also be
added to their CP.
Here is the text that was added to the CP:
~~
The authentication method is as follows:
1. Using the WHOIS registry service, SECOM Trust System verifies that
the relevant subscriber owns the domain to which the Certificate pertains.
2. Should the owner of the domain be different from the subscriber,
SECOM Trust Systems authenticates the domain by having the domain owner
submit to SECOM Trust Systems a document granting subscriber the
permission to use the domain or by sending a verification e-mail to the
e-mail address of the domain owner registered in the WHOIS registry service.
~~
If everyone is OK with this, then I will proceed with recommending
approval of this request to enable EV treatment for the "Security
Communication RootCA2" root certificate.
I will also track an action item to ensure that SECOM adds the updates
in the translated version of their CP back to the original CP.
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy