[cabfpub] [EXTERNAL]Re: Obtaining an EV cert for phishing
wthayer at mozilla.com
Wed Nov 29 17:44:26 UTC 2017
The EV process is intended to gather a robust body of information about the
Subject that, when viewed collectively, "provides users with a trustworthy
confirmation of the identity of the entity". James and later Ryan have
pointed out a weakness in the standard where incorrect data from a single
data source (QGIS) could be used to obtain a "properly validated" EV
certificate containing that incorrect data.
A positive outcome from this discussion would be for the Validation WG to
review this information and propose changes to the EVGLs (such as a
requirement for face-to-face validation mentioned by Jeremy) that mitigate
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public