<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 10/19/2012 04:50 PM, From Phillip:
<blockquote
cite="mid:02C67A31-4E32-4A42-AF8E-A67E523FA141@comodo.com"
type="cite">
<pre wrap="">There is in any case a big difference between what the EV guidelines require and what CAs actually do.</pre>
</blockquote>
<br>
Probably not always, but many times.<br>
<br>
<blockquote
cite="mid:02C67A31-4E32-4A42-AF8E-A67E523FA141@comodo.com"
type="cite">
<pre wrap="">The EV criteria are the minimum. But CAs have always gone beyond the minimum. There are many controls that are much easier to employ in practice than define as a requirement.</pre>
</blockquote>
<br>
True - the policies define what we must do - there are implemented
practices which are done as a best effort for example, but which
can't be 100%. No CA wants to fail an audit because of a disclosed
practice it can't enforce 100%. It doesn't mean that it doesn't
exist though.<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>