[cabfpub] Assumed names and organization names

Jeremy Rowley jeremy.rowley at digicert.com
Mon Mar 9 21:05:23 MST 2015


In the code signing working group, we've discussed abuses associated with assumed names and organization names. Names like "Click Here" or deceptive names like "Facebook" (when it's not Facebook) can trick users into trusting a cert they otherwise wouldn't use.

One suggestion to mitigate this issue is to require org names in certs be entered just like EV certificates - ie, the org name (including the Inc., LLC, etc) must be included along with an optional assumed name. Although this would primarily benefit code signing certificates (where names are readily displayed), this suggestion makes sense as a baseline requirement amendment since we really don't want deceptive names in any certificates.

What does everyone think about amending the baseline requirements so that certs including an org name must include the validated organization name in the O field?

Jeremy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150310/285df527/attachment.html 


More information about the Public mailing list