On Wednesday, March 1, 2017 at 8:26:34 AM UTC-5, Peter Kurrasch wrote: > Would it be possible to get a more precise answer other than "in accordance > with"? I am left to assume that in fact no verification was performed because > the previous verification was in the 39 month window.
For this SSL product, customers place orders which are vetted to the OV level with normally just a single SAN. Once the order has been approved they can add SANs by verifying domain control via DNS or File based verificaton options. Over time they add and remove SANs as their customer base changes. They can re-issue the certificate which keeps the expiration date and the subject DN the same, but they add and remove SANs. In this case they did not remove SAN which are clearly not functional and are for domains which have expired. The reissueance process does not require the re-verification of the domain control, thus the certificate was reissued with these SANs. Subscribers are required to tell us when the certificate contents is no-longer accurate so appropriate action can be taken, but clearly this customer did not inform us. We'll be talking with them about this to find out why. Doug > > Original Message > From: douglas.beattie--- via dev-security-policy > Sent: Tuesday, February 28, 2017 6:46 AM > > ...snip... > > > I also would like to have an official reply from GlobalSign saying that "on > > the date they issue the certificate the domain exists". > > On the date that the certificate was issued it was verified in accordance > with the Domain Verification requirements in the BRs. > > Doug Beattie > GlobalSign > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
