* Eddy Nigg: >>> There is a middle ground ignored which is bad. There >>> are organizations which can't be validated according to EV, they would >>> certainly benefit from it. >> >> For example? > > Anything out of this list: https://www.startssl.com/?app=30#requirements > > Self-employed and small business of different types and forms which > are legal businesses in many countries are exempt. Not speaking about > individuals which are out of the scope of EV. That's where the middle > Class comes in.
Organizations not on this list can usually get an EV certificate through a corporate sponsor. The EV process does not verify that the party to which the certificate is issued is the actual end user, or that it is the legal entity which controls the domain name mentioned in the Common Name field. The Firefox UI for EV certificates (the "which is run by" part) is somewhat misleading as a result. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto