Nelson Bolyard wrote:
> The 3 sets of claims used for SSL servers have names "DV", "OV" and "EV".
> Of those, EV is well defined and documented. DV is pretty well understood
> but I don't know of any document that defines it very well. OV is the
> least well defined, which is why browsers do not give any special treatment
> to OV certs. In some sense, for Mozilla browser users, the definition of
> DV is (I think) the minimum set of things a CA must do to have its root
> CA cert accepted by mozilla foundation. Maybe Frank can write up a
> statement of what it takes to qualify a DV CA. Mozilla's CA policy
> implies that such a definition exists, but doesn't seem to give it.

I did a first draft of definitions for DV, etc., at

https://wiki.mozilla.org/CA:Glossary

Please revise it as you wish.

> I think that, in practice, there are effectively two sets of claims widely
> used in email certs, and a third one is now being planned. The first two
> do not have vendor-independent names, so I will use one vendor's names
> for them: class 1 and class 2. Class 1 is for email what DV is for SSL.
> It proves a connection between the email address in the cert and the
> mailbox associated with that address, but nothing about the identity of
> the person behind the mailbox.

I unilaterally coined the term "AV" ("address validation" or "address validated") for this.

> class 2 proves something about the
> identity of the person behind the mailbox, but it may be little more
> than a person's name or employee number.

I think the existing term "IV" ("identity validation" or "identity validated") covers this.

Frank

--
Frank Hecker
[EMAIL PROTECTED]