Hi Dimitris,

You certainly echo the sentiment of others in this forum by directing me to the CABF but my concerns are particular to HARICA at this point. Simply put, the CABF BR has security gaps in section 3.2.2.4 which can result in certificate mis-issuance. There is no reason HARICA must tolerate such gaps in its own policies. So the question I guess comes down to this: Is HARICA able to tighten its own controls regarding section 3.2.2.4 and go beyond what the BR has outlined?

Thanks.
All these methods are approved and published in the CA/B Forum Baseline Requirements. Perhaps it would be best to raise these concerns in the CA/B Forum's public mailing list (pub...@cabforum.org). In any case, if the CA/B Forum changes these methods, all CAs (including HARICA) will have to adjust their practices (and practice documents) to remove the verification methods you mentioned.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy