I'm CFCA's representative Zhao GaiXia and this is the officially respond account(using google groups).
Thanks for your reply! CFCA do not have limits relate to TLDs in SSL certificates, as is listed above http://www.cfca.com.cn/file/CFCA-1403-CPS-en.rar " ** CPS section 3.2.2.4: Applications for EV SSL Certificates can only be submitted to CFCA. The subject must be the domain name of the web server, not the IP address. The domain name must not contain wildcards. The applicants can only be private organizations, business entities, government entities and non-commercial entities and should meet the following requirements: ... " The survey from the University of Michigan may reflect the status of customers of CFCA for a period, but it's not a specification or a statement such as CPS. for example the EV certificate in the test website https://pub.cebnet.com.cn is an EV certificate with TLD "cn" and as listed above, if an organization wants an EV certificate with TLD "org", and conform all specifications and standards including CPS 3.2.2.4, there is no reason to reject. CFCA do not have plans to be name constrained for EV/GT system now. --Zhao GaiXia _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
