[cabfpub] Ballot 122 - Verified Method of Communication
kelviny at exchange.microsoft.com
Wed May 7 12:15:04 MST 2014
Microsoft votes NO.
I share Gerv's concern. It is not clear to me how section 11.4.2 contributes to the verification of the applicant's physical existence and I am concerned that removing 11.4.2 may weaken section 11.4 overall. I also would like to see a tighter definition for the acceptable methods of communication, perhaps with a set of principles that can be used to justify why a particular method of communication is sufficiently reliable.
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Friday, May 2, 2014 2:05 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication
On 01/05/14 17:43, Ben Wilson wrote:
> Voting starts today. (Unless otherwise told, I am counting the votes
> received already from SECOM and Actalis.)
The question here is: what is the "Telephone Number for Applicant’s Place of Business" requirement actually there for? Is it to make sure that the CA can communicate with the applicant during the issuance process? Or is it part of the system making sure that the applicant is who they say they are, and can be traced as real?
Is the information obtained here part of the cert, or not?
The EV Guidelines say:
"To further verify the Applicant’s physical existence and business presence, as well as to assist in confirming other verification requirements, the CA MUST verify a main telephone number for one of the Applicant’s Places of Business."
I don't think an email address does anything to "further verify the Applicant’s physical existence and business presence".
However, I do see the issue that perhaps there are now businesses out there who do not have a standard fixed landline phone. I am open to finding a solution to this issue, but it seems to me that:
"a public telecommunication routing number (ITU-T E.164-compliant fixed, mobile, fax, or SMS), an email address, or a postal delivery address"
is too broad, and the new requirement does not serve the same purpose as the old, as it says it's solely for obtaining "a reliable way of communicating with the Applicant".
So Mozilla's current vote is NO.