Ben Bucksch wrote:
How about reading the guidelines?
I did read it! Thorough and multiple times...trust me on that one...
They are public now. You work at a CA, don't you think it would be helpful? You even protest that you cannot participate in CABForum, but didn't read what it's about?
Since the guideline is not an entertaining news item of 10 lines, I can't read it every here and now...So I reacted on information posted by others and on the information which was none to me up to that moment.
Yes! And perhaps here are the hidden aspects you and others see a problem with it. Obviously, if a CA intends to implement and perform according to the spirit and guidance of the EV guidelines, then the verifications to be performed are effective! However as somebody (you?) pointed out, it might be likely to automate and circumvent certain aspects, specially the more expensive ones...Or as you call it: "Alternatives"...Perhaps one just has to learn the "alternatives" better ;-)FYI, the guidelines often have many *alternatives* for each verification step.
But what I wanted to show was, that at one point there is a site visit (and photo opportunity of the subscriber and company estate) and then of sudden there is none...Confusing, isn't it?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
