Gervase Markham wrote:
Basically, you need a signature that will hold up in court. Do
***what. ever*** is appropriate in your country.
And for vetting individuals, I'm sure something like this will be done.
Good. If it can be done for individuals, it can also be done for CEOs.
But it's not appropriate for businesses and corporations. Why should
some poor person at Microsoft have to have his personal details
encoded into all their certificates?
I think you misunderstood me. They don't. This is only to verify the
signature that the CA gets, to ensure that the who gets the certs is
actually allowed to make decisions for the company, or is authorized by
such a person.
But you have to know exactly when the CA is going to call.
No, not necessarily. Caller ID. Reroute all calls coming from CA.
EV is a way to use market forces to drive things in the right direction.
No. It states a bar, but not a direction. The direction will still be
weaker checks, until you reach the absolute minimum, or lower if you
don't get caught. It would change the *direction*, if it would include
liability.
[dba] They should definitely be separate fields.
I think there may be technical issues with that.
I can't see any, given that new fields / formats are being defined,
technically.
But we can suggest it.
Thanks.
Thanks for the responses,
Ben
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
