I only understand this "independent validation of domain control" because I'm on the thread. I don't think CAs who aren't actively involved will understand what it means. DigiCert has an RA. It's DigiCert. We validate our certificate orders and submit them to the CA for issuance. I think it should be clarified that this is referencing a) third-party RAs and b) where the CA relies on the RA to perform the domain validation function required under the Baseline Requirements.
Something like: "Does your CA have any third-party Registration Authority (RA)s program that the CA relies on to perform the domain validation required under Section 3.2.2.4 of the Baseline Requirements." Jeremy -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Kathleen Wilson via dev-security-policy Sent: Monday, March 20, 2017 2:29 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Next CA Communication On Monday, March 20, 2017 at 10:59:41 AM UTC-7, Peter Bowen wrote: > On Mon, Mar 20, 2017 at 10:43 AM, Jeremy Rowley via > > [JR] This should be limited to SSL certs IMO. With client certs, > > you're going to get a lot more RAs that likely function under the > > standard or legal framework defining the certificate type. > > What if the question was scoped to "RAs that can do independent > validation of domain control" or some such? e.g. a classic "Enteprise > RA" set up where the CA's in-house RA confirms control of a public > suffix and then allows the Enterprise to internally confirm > certificate requests under the validated domain should not be counted > here. updated See action 9 here: https://mozilla-mozillacaprogram.cs54.force.com/Communications/CACommunicati onSurveySample?CACommunicationId=a050S000000G3K2 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy