Previous discussions on this list, which all CAs are required to follow, have made it clear that either challenge-response or domain validation is sufficient to meet Mozilla's policy for e-mail addresses.
Yes, the context was SMIME validation, but I am very troubled to hear that instead of using the same rules for E validation, a CA would argue that it's appropriate or allowed to do virtually no validation at all. It's not. -Tim > -----Original Message----- > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On > Behalf Of pekka.lahtiharju--- via dev-security-policy > Sent: Tuesday, August 21, 2018 9:41 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Telia CA - problem in E validation > > The first item in Mozilla policy is impossible for all CAs related to E verification > because there aren't any valid independent sources to check support email > addresses. You potentially could validate only domain part of the email address > which doesn't cover the requirement that ALL information must be verified > from such source. Most persons in this discussion have recommended using > challenge-response method in E verification but I'm afraid it is also against > Mozilla requirement 2.1step1 because no independent source or similar is > involved. > > The second item in Mozilla policy is not valid because these SSL certificates are > not capable in email messaging. It is clear for SMIME certificates and with them > we follow it. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/_lQ2yVFZFmZcMjnytNPPhWO033O4qV_A > d55EzA51Pnk=?d=Y3bT5wPI37DMxsvQ8o4N0HWiVOyK- > eNjbf7Jxhf7xvbeeJ8yf2cm7BADzRYUkQBvJRPouhxTXVjeAHvJIbLkG1NtZ1dnYnq > Y9ml3RxSoU8xz4soa15OSeMmOPKzQVmJY7ww9X4cgmfNXg_uQol0UxeXzoYO > yGMgMGSxVEC9cnLih0UOrXrJ5LjeSUxitIBgvH5FkQI1xfXEjNw9wtpbPvdyEhaqo > ON0bDkt0yC_Hu_UdML9zgpKAP49LuY60sd9_6Qq96a8c8- > fyjS0hTrOnMPIXsWafHYDN9NT4eHV5nEf1efk9v28xBU02Kv- > J_s5IwNByYW_TzPwQUEE4faBuitNYmCr_sJkSY2jMpE3xWHJxAGZWtkcKHHOm > gv6V4X3GGPDexnyYYzEaV2tSYdUJi7zc-uno0zG9- > CjM7SqOuA%3D%3D&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev- > security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy