Ka-Ping Yee wrote:
The first primary purpose of an EV certificate is to identify the
legal entity that controls a website.
Clearly individuals control the vast majority of websites. So why
are individuals forbidden to get EV certificates?
Good question. The original answer was that it's much harder to get
sufficient verified information on an individual than it is on the
existence of a company; in other words, it was fallout from the strength
of the vetting.
However, several CAs have expressed displeasure at this, and are working
in the next few weeks to try and find a way to expand the guidelines to
allow more different types of entity to get EV certificates, without
weakening them.
Suggestions as to how that might be achieved would be welcome.
Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security