> >     Sounds good. This was your proposed response to solving this issue
> >     back on May 13, so it's full circle :)
> >
> >
> > I'm going to consider this issue resolved unless there are further
> > comments.
> 
> Just checking whether the following is acceptable.
> 
> If a CA validates the domain mycompany.example being owned/controlled by 
> "mycompany", can this company delegate the issuance of
> S/MIME certificates for subsection1.mycompany.example to an internal 
> department or a subsidiary? Does the proposed language allow
> this?

I'm also not sure if I understand the wording correctly. Let's assume an 
internal CA of company "mycompany" gets successfully validated for 
mycompany.example and receives a (possibly name-constrained) certificate for 
its issuing CA from one of the root CAs. Can this internal CA issue 
certificates for every email address under @mycompany.example without further 
validation, or is an internal validation process required? My opinion is that 
such an internal validation process doesn't increase security, since mycompany 
controls the mailservers of mycompany and can anyhow validate everything.

By the way: How are CAA records to be treated in the scope of S/MIME? Since 
gmail.com has a CAA record that prevents every CA except Google from issuing 
certificates for gmail.com, does this also forbid every CA from issuing 
certificates for rufus.busch...@gmail.com?

With best regards,
Rufus Buschart

Siemens AG
Siemens Operations
Information Technology
Value Center Core Services
SOP IT IN COR
Freyeslebenstr. 1
91058 Erlangen, Germany 
Tel.: +49 1522 2894134
mailto:rufus.busch...@siemens.com

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
