[Smcwg-public] Enterprise RAs methods for validation of mailbox authorization or control
Stephen Davidson
Stephen.Davidson at digicert.com
Thu Jan 26 17:28:05 UTC 2023
Thanks Christophe:
We'll add this to the Agenda for our next meeting.
Best regards, Stephen
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Christophe Bonjean via Smcwg-public
Sent: Tuesday, January 24, 2023 5:49 AM
To: smcwg-public at cabforum.org
Subject: [Smcwg-public] Enterprise RAs methods for validation of mailbox authorization or control
Hi all,
Section 1.3.2.1 Enterprise registration authorities restricts the mailbox control validation methods:
* Organization-validated or sponsor-validated: Section 3.2.2.1 (domain based) or Section 3.2.2.3 (operator of server).
* Mailbox-validated: Section 3.2.2.2 (email challenge).
The restriction of profile and validation method seems to prohibit:
* Enterprise RAs to issue mailbox-validated certificates based on domain validation (3.2.2.1) or as operator of server (3.2.2.3).
* Enterprise RAs to issue sponsor-validated certificates based on email challenges (3.2.2.2) - probably less common.
Is this an intentional restriction? Should we re-visit this topic?
Christophe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230126/4e4159de/attachment.html>
More information about the Smcwg-public
mailing list