[cabfpub] Non-whitelisted email addresses used for DV issuing

Ryan Sleevi sleevi at google.com
Mon Mar 30 15:04:08 UTC 2015

OK. So we can conclude CERT has reached a different conclusion than
browsers and CAs.

I don't believe CERT's reply is at all consistent with other validation
methods - that is, it would seem they have decided to take issue with DV in
general, as compared to other validation methods. That is certainly their
prerogative, but not a conclusion I share at all.

At least it would be more helpful for them to list their perceived
vulnerability as accepting email validation at all, rather than conflating
the issue with non-whitelisted addresses.