[cabfpub] Ballot 92 - Subject Alternative Names
Gervase Markham
gerv at mozilla.org
Fri Nov 16 17:24:23 UTC 2012
On 16/11/12 16:56, Jeremy Rowley wrote:
> In that case, isn't the most appropriate action for Mozilla to raise its
> concern about the level of vetting required for inclusion of the O field in
> the form of an amendment to the baseline requirements? If Mozilla doesn't
> believe the baseline requirements are sufficient, I'd appreciate a proposed
> amendment about what is sufficient to show the O field.
This is an old debate which I'm not sure it's enormously valuable to
re-enter.
The BRs, at the request of CAs who wanted it, contains some codified
requirements on the minimum validation CAs have to do in order to
include the O field in a cert.
Mozilla has opinions about the minimum validation required such that we
feel comfortable displaying the O field in primary UI. There is no
reason why this should be the same as "the validation specified in the
BRs". There is also no reason why other clients should share our
opinions; they may well have different opinions, and do different things
accordingly.
As it turns out, we feel that EV is strong enough for confident O field
display, and the BRs are not. For us, one of the driving purposes of EV
was to specify the minimum standard of validation necessary that we
could be confident displaying the O field in primary UI. (If you think
EV goes above and beyond that, then propose amendments to simplify it.)
There is no point us trying to change the BRs so that they validate the
O field to EV standard; what would be gained? It is much easier to just
keep our software working the way it does today.
Gerv
More information about the Public
mailing list