[cabfpub] Non-whitelisted email addresses used for DV issuing

Eddy Nigg eddy_nigg at startcom.org
Mon Mar 30 22:06:03 UTC 2015


On 03/30/2015 05:55 PM, Adriano Santoni - Actalis S.p.A. wrote:
> I do not agree with our company being listed as "affected", as our CPS 
> does not allow non-whitelist email addresses. However, Will's 
> rationale is that - regardless of the BRs - domain validation by email 
> is a security problem in itself, even when only whitelisted email 
> addresses are used:

But for this we have EV (and even IV/OV validations to some extent). 
It's obviously and clearly known that domain control validations have 
their limits; on the other hand, they are also very useful for the right 
purpose (where the right purpose is probably an open question depending 
on the CA, browser, subscriber and relying party).

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>
