Re: Telia CA - problem in E validation

[pekka.lahtiharju--- via dev-security-policy]

In our implementation E value in our certificates was "true" if it passed our 
technical and visual verification. If the BR requirement is to do "any" 
verification for E then the verification techniques we used should be OK. We 
think that BR has meant that both OU and E are based on values defined by 
Applicant and it is not mandatory to do any email send/response verification. 
How do you conclude that BR words "has been verified by the CA" actually means 
that some email has to be sent? In our opinion E is just a support email 
address and its verification is not similar to important subject fields like 
O,L or C but can be compared to OU verification.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy