[cabfpub] Ballot 122 - Verified Method of Communication

Kelvin Yiu kelviny at exchange.microsoft.com
Wed May 7 19:15:04 UTC 2014


Microsoft votes NO.

I share Gerv's concern. It is not clear to me how section 11.4.2 contributes to the verification of the applicant's physical existence and I am concerned that removing 11.4.2 may weaken section 11.4 overall. I also would like to see a tighter definition for the acceptable methods of communications, perhaps with a set of principles that can be used to justify why a particular method of communication is sufficiently reliable. 

Kelvin

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Friday, May 2, 2014 2:05 AM
To: public at cabforum.org
Subject: Re: [cabfpub] Ballot 122 - Verified Method of Communication

On 01/05/14 17:43, Ben Wilson wrote:
> Voting starts today.  (Unless otherwise told, I am counting the votes 
> received already from SECOM and Actalis.)

The question here is: what is the "Telephone Number for Applicant’s Place of Business" requirement actually there for? Is it to make sure that the CA can communicate with the applicant during the issuance process? Or is it part of the system making sure that the applicant is who they say they are, and can be traced as real?

Is the information obtained here part of the cert, or not?

The EV Guidelines say:

" To further verify the Applicant’s physical existence and business presence, as well as to assist in confirming other verification requirements, the CA MUST verify a main telephone number for one of the Applicant’s Places of Business."

I don't think an email address does anything to "further verify the Applicant’s physical existence and business presence".

However, I do see the issue that perhaps there are now businesses out there who do not have a standard fixed landline phone. I am open to finding a solution to this issue, but it seems to me that:

" a public telecommunication routing number (ITU- T E.164-compliant fixed, mobile, fax, or SMS), an email address, or a postal delivery address"

is too broad, and the new requirement does not serve the same purpose as the old, as it says it's solely for obtaining "a reliable way of communicating with the Applicant".

So Mozilla's current vote is NO.

Gerv
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public


More information about the Public mailing list