<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    On 05/03/2013 04:47 PM, From Bruce Morton:
    <blockquote
cite="mid:452C99D20750E74083DBA441FF9323857BF44AA3@SOTTEXCH10.corp.ad.entrust.com"
      type="cite">
      <pre wrap="">I think for OV and EV, the domain validation includes contact with the organization to confirm authorization.
</pre>
    </blockquote>
    <br>
    You can't confirm if somebody controls a domain by contacting the
    applicant - probably you meant for domains that are not directly
    owned by the applicant you'd have to contact the domain owner...<br>
    <br>
    ...Which in my opinion should be prohibited in any case. I believe
    that the certificate subject should identify the entity that runs
    and stands behind the site and not some possible third party that
    provides some hosting or other service.<br>
    <br>
    <br>
    <div class="moz-signature">
      <table border="0" cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td colspan="2">Regards </td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
          <tr>
            <td>Signer: </td>
            <td>Eddy Nigg, COO/CTO</td>
          </tr>
          <tr>
            <td> </td>
            <td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
          </tr>
          <tr>
            <td>XMPP: </td>
            <td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
          </tr>
          <tr>
            <td>Blog: </td>
            <td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
          </tr>
          <tr>
            <td>Twitter: </td>
            <td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
          </tr>
          <tr>
            <td colspan="2"> </td>
          </tr>
        </tbody>
      </table>
    </div>
    <br>
  </body>
</html>