RE: Validation of Domains for secure email certificates

g.beattie=globalsign@lists.mozilla.org] On Behalf Of > Gervase Markham via dev-security-policy > Sent: Thursday, July 20, 2017 10:58 AM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Validation of Domains for secure email certificates > > Hi Doug, > > On 2

Re: Validation of Domains for secure email certificates

On 20/07/2017 14:04, Doug Beattie wrote: Gerv, In general, it is common to have an S/MIME certificate for an e-mail account that does *not* belong to the domain owner. This is especially true if the domain is a public/shared/ISP e-mail domain and is set up to allow some way for the e-mail

Re: Validation of Domains for secure email certificates

Hi Doug, On 20/07/17 13:04, Doug Beattie wrote: > Since there is no BR equivalent for issuance of S/MIME certificates (yet), > this is all CAs have to go on. I was curious if you agree that all of these > methods meet the above requirement: As you might imagine, this question puts me in a

Validation of Domains for secure email certificates

Gerv, Mozilla Policy 2.5 states this: For a certificate capable of being used for digitally signing or encrypting email messages, the CA takes reasonable measures to verify that the entity submitting the request controls the email account associated with the email address referenced in