Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA/Forbidden or Problematic Practices: Difference between revisions
Jump to navigation
Jump to search
CA/Forbidden or Problematic Practices (view source)
Revision as of 16:29, 25 January 2018
, 25 January 2018Move validation delegation to "forbidden"
(Remove misleading word) |
(Move validation delegation to "forbidden") |
||
| Line 62: | Line 62: | ||
* [https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ Security Blog Post Regarding SHA-1 Based Signature Algorithms] | * [https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ Security Blog Post Regarding SHA-1 Based Signature Algorithms] | ||
== | === Delegation of Domain / Email Validation to Third Parties === | ||
This is forbidden by the Baseline Requirements, section 1.3.2. | |||
Domain and Email validation are core requirements of the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's Root Store Policy] and should always be incorporated into the issuing CA's procedures. Delegating this function to 3rd parties is not permitted. | |||
== Potentially Problematic Practices == | |||
=== Allowing External Entities to Operate Subordinate CAs === | === Allowing External Entities to Operate Subordinate CAs === | ||