On Sun, Aug 19, 2018 at 3:56 PM Eric Mill <e...@konklone.com> wrote:

> On Thu, Aug 16, 2018 at 6:52 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>
>> - While infinitely wealthy organizations can afford getting separate
>> certificates for each DNS name, and while lowest-security (DV)
>> certificates are now available for zero dollars in the US, SANs remain
>> significant in case of high security validation (OV, EV) that costs
>> real money and effort, both to pay the CA and to provide evidence of
>> human and organizational genuineness, such as showing government IDs,
>> obtaining certified copies of registration statements, answering
>> validation phone calls to CEOs at strange hours etc.
>
> DV certificates are appropriate for even the largest of organizations, and
> are likely to supplant OV/EV certificates over time. For an example by one
> of the largest enterprises in the world, see the U.S. Department of
> Defense's policy changes to allow and encourage the use of DV certificates
> throughout its public-facing infrastructure, and their public commitment to
> Congress to use this policy change to complete their public HTTPS-only
> transition by the end of 2018:
>
> https://www.wyden.senate.gov/imo/media/doc/wyden-web-encryption-letter-to-dod-cio.pdf

Wrong URL on my part - that was the letter to the Department of Defense, and this is the letter they responded with describing their approval of DV certificates and their plans in 2018 and beyond:

https://www.wyden.senate.gov/imo/media/doc/Wyden%20-%20DoD%20Web%20Services%20-%20Best%20Practices%20(Jul%2020%202018).pdf

-- Eric

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy