Unfortunately, the BRs make no stipulation on how Proof of Possession is done
(https://github.com/cabforum/documents/blob/master/docs/BR.md#321-method-to-prove-possession-of-private-key).
Most CAs, in my experience, simply treat the signature on the CSR as sufficient
to demonstrate control of a
On Monday, April 24, 2017 at 9:58:29 PM UTC-7, Jakob Bohm wrote:
> On 25/04/2017 05:04, Ryan Sleevi wrote:
> > On Mon, Apr 24, 2017 at 9:42 PM, Jakob Bohm via dev-security-policy <
> > dev-security-policy@lists.mozilla.org> wrote:
> >
> >> On 25/04/2017 03:10, Peter Kurrasch wrote:
> >>
> >>> Fair
On Monday, April 24, 2017 at 8:02:15 PM UTC-7, Peter Kurrasch wrote:
> I see what you're saying and there should be some consideration for that
> scenario. If the acquiring company will keep all the same infrastructure and
> staff and if decision making authority will remain with that staff,
> Outside of EV, can you articulate why (preferably in a dedicated thread)
> There have been requests over the years from a variety of CAs for this.
> Each time, they've been rejected. If there's new information at hand, or a
> better understanding of the landscape since then, it would be
4 matches
Mail list logo
