[Servercert-wg] Correct state and locality for US army post offices

[Ryan Sleevi]

On Tue, Jun 30, 2020 at 5:19 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> In the absence of such a clear standard, we must look elsewhere.  I don’t
> think the comment about “dead drops” is helpful, and seems to be trying to
> make a false equivalence.  As I noted in my background, these addresses
> exist to increase the level of assurance for mail delivery to these
> addresses, which is kind of the opposite.
>

Apologies if it didn't seem helpful, but I think it's highly relevant here.
For EV, at least, we know that the jurisdiction fields relate to the
incorporation data, not to the mailing address or physical location or
branch office. As you (rightfully) highlight, the level of assurance of OV
is unspecified, and as a result of that, doesn't provide much for assurance.

If folks want OV to be mailing addresses, then we have to accept that OV
doesn't provide assurance about where something physically exists. If we
expect for OV to be physical addresses, then we have to reject schemes that
are focused on postal mail routing.

This is, broadly, part of the question of the value of OV, and while I
realize it's probably not your intent to spark a spirited debate on that,
I'm equally surprised that more CAs didn't chime in on what they think OV
is supposed to mean, which would help better answer "How do we validate it
means that".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20200630/14d75742/attachment.html>