[cabfpub] Non-whitelisted email addresses used for DV issuing

Ryan Sleevi sleevi at google.com
Mon Mar 30 08:04:08 MST 2015


OK. So we can conclude CERT has reached a different conclusion than
browsers and CAs.

I don't believe CERT's reply is at all consistent with other validation
methods - that is, it would seem they have decided to take issue with DV in
general, as compared to other validation methods. That is certainly their
prerogative, but not a conclusion I share at all.

At least it would be more helpful for them to list their perceived
vulnerability as accepting email validation at all, rather than conflating
the issue with non-whitelisted addresses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150330/6ce614d7/attachment.html 


More information about the Public mailing list