[cabfpub] downgrade DV UI RE: OIDs for DV and OV

Gervase Markham gerv at mozilla.org
Fri Nov 7 09:49:12 UTC 2014

On 07/11/14 09:44, Eddy Nigg wrote:
> Does it reduce risk of intentional abuse? Yes

You need to be more specific on how you think it reduces the risk.

> Does it provide a trace to a real (legal) entity? Yes

But this is not a binary thing. Can an attacker get an OV certificate
with a bogus O field? However hard you think that is, it's certainly
easier to do that for OV than for EV.

> Or the other way around, why don't we just issue code signing
> certificates to anyone able to validate an email address? Ask Tom.

Code signing certificates are an entirely different use case, and I
don't think the comparison is useful.


More information about the Public mailing list