[Cscwg-public] Improving the language for verification of address

Tim Hollebeek tim.hollebeek at digicert.com
Tue Feb 8 19:53:31 UTC 2022

In 11.1.2, we have the following language:

"The CA MUST also verify the address of the Requester using ... (iii) an access code to activate the Certificate where the access code was physically mailed to the Requester; ..."

This is rather sloppy language.  Remember, at this point, we are still verifying the identity of the Applicant, so there's no "Certificate" that exists yet, and "activate" is not a defined operation for a certificate in the context of the code signing BRs.  The normal definition for certificate activation doesn't make sense in this context anyway, since at this point we're just verifying an address.

It seems like it should say something along the lines of:

"(iii) physically mailing a secret code to the Requester's address and confirming the Requester's receipt of the code by having the Requester communicate it back to the CA"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/cscwg-public/attachments/20220208/d3385aa5/attachment.html>

More information about the Cscwg-public mailing list