Hi Gerv,

OK, I see your point.  We'll come up with what we think are reasonable methods 
and document that in the CPS.  That should work better than Gerv's vacation 
thoughts!

Doug

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-
> bounces+doug.beattie=globalsign....@lists.mozilla.org] On Behalf Of
> Gervase Markham via dev-security-policy
> Sent: Thursday, July 20, 2017 10:58 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: Re: Validation of Domains for secure email certificates
> 
> Hi Doug,
> 
> On 20/07/17 13:04, Doug Beattie wrote:
> > Since there is no BR equivalent for issuance of S/MIME certificates (yet),
> > this is all CAs have to go on.  I was curious if you agree that all of these
> > methods meet the above requirement:
> 
> As you might imagine, this question puts me in a difficult position. If I say
> that a certain method does meet the requirement, I am making Mozilla policy
> up on the fly (and while on holiday ;-). If I say it does not, I would perhaps
> panic a load of CAs into having to update their issuance systems for fear of
> being dinged for misissuance.
> 
> It is unfortunate that there is no BR equivalent for email. However, I'm not
> convinced that the best way forward is for Mozilla to attempt to write one by
> degrees in response to questioning from CAs :-) I think the best thing for you
> to do is to look at your issuance processes and ask yourself whether you
> would be willing to stand up in a court of law and assert that they were
> "reasonable measures". When thinking about that, you could perhaps ask
> yourself whether you were doing any things which had been specifically
> outlawed or deprecated in an SSL context by the recent improvements in
> domain validation on that side of the house.
> 
> Gerv
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy