[cabfpub] downgrade DV UI RE: OIDs for DV and OV

Gervase Markham gerv at mozilla.org
Fri Nov 7 02:49:12 MST 2014


On 07/11/14 09:44, Eddy Nigg wrote:
> Does it reduce risk of intentional abuse? Yes

You need to be more specific on how you think it reduces the risk.

> Does it provide a trace to a real (legal) entity? Yes

But this is not a binary thing. Can an attacker get an OV certificate
with a bogus O field? However hard you think that is, it's certainly
easier to do that for OV than for EV.

> Or the other way around, why don't we just issue code signing
> certificates to anyone able to validate an email address? Ask Tom.

Code signing certificates are an entirely different use case, and I
don't think the comparison is useful.

Gerv

