Yeah, but unvalidated "information" is not "informative" in any useful way.
-Tim > -----Original Message----- > From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On > Behalf Of pekka.lahtiharju--- via dev-security-policy > Sent: Tuesday, August 21, 2018 9:59 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Telia CA - problem in E validation > > The purpose of this E value and SAN-rfc822 value is completely different. The > former is typically an information to server users where is its support. The > latter for email messaging. Thus it is natural that the verification requirements > of those two fields are also different (like they are). > > I completely agree that verification of SAN-rfc822 has to be challenge-response > or domain based but the same doesn't apply to this E which is only informative > field like OU. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/L6gW5CkSOwyu- > 5hl92vrKoozZhevZGTi1bqkARk0lDA=?d=tcaVpOxV1GZEsht-O5I- > U1jUfOFbghk57eRNA4QIgc3Uw4rUol-c03Y4fMcVWJF1ZerQdZi4v4h-np- > 1dARE42nMHSf8aUFNZjD_8NbzDyxU48VdpbKSdRNuh9TCm1_xS39jm- > iu5N39wqrGYHD09F1LIinG2AXeJODvae0i3tBZynuZyDpFRwK5fgr87sR8O6J9gzW > vb6SiokKC- > 2Vd7BTaTuruLtXnLBM25IHfj77EQICOI2CKxe3iYbKmYS7XsoLfUBjpvdbXQ7AwL9 > sV56X2vvD74hClclwAD85eyRj5DtN6_7eqs95arC4rNn3vVKlBuXwUv5M83ljY_sFi > EBHNG0-8TOuURHS9h- > L841SrtQumQ8qWSMjOCKHG2Jnn8Xr2OOLWnoY7ZKVoGhEmT7RD8NgG29ipn > F320B_Lcw%3D%3D&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev- > security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy