Nelson B Bolyard wrote: > Bruce wrote, On 2008-06-06 14:46: <snip> >> Business ID is generally performed through third party database look- >> ups. Individual ID is accepted by fax. > > Is that good enough for Individual ID? > Can you detect if an individual faxes a stolen ID?
Before we go too far down this path... I believe that having people fax in identity documents (whether individual or corporate) is a fairly common and accepted practice in the CA world. Unless someone can show me that I'm wrong and that Entrust's practices are significantly out of line with the rest of the industry, this is not an issue I'd see as relevant for this particular request. This touches on the point I made earlier about "reasonable measures" as used in our CA policy, and the term "commercially reasonable" as used in US and Canadian legal contexts. The contrasting legal term to "commercially reasonable" is "best efforts", which is a more stringent standard implying (in a CA context) that the CA would take pretty much any and all measures practicable to verify identity ("leave no stone unturned") and would strive to minimize as much as possible the possibility of accepting a fraudulent application. In my opinion the level of verification for IV/OV certs, as practiced in the CA industry and required by our policy, corresponds to a "commercially reasonable efforts" standard. If we want to apply a "best efforts" standard then IMO that's what EV is for. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto