Confirmed users, Administrators
5,526
edits
CA/Forbidden or Problematic Practices: Difference between revisions
CA/Forbidden or Problematic Practices (view source)
Revision as of 19:21, 11 December 2019
, 11 December 2019Added quote from Mozilla's root store policy regarding email address
(Removed obsolete text) |
(Added quote from Mozilla's root store policy regarding email address) |
||
| Line 52: | Line 52: | ||
=== Delegation of Domain / Email Validation to Third Parties === | === Delegation of Domain / Email Validation to Third Parties === | ||
Section 1.3.2 of the [https://cabforum.org/baseline-requirements-documents/ Baseline Requirements] forbids delegating domain validation to third parties. | |||
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Section 2.2 of Mozilla's Root Store Policy] says: "The CA SHALL NOT delegate validation of the domain portion of an email address." | |||
Domain and Email validation are core requirements of the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's Root Store Policy] and should always be incorporated into the issuing CA's procedures. Delegating this function to 3rd parties is not permitted. | Domain and Email validation are core requirements of the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's Root Store Policy] and should always be incorporated into the issuing CA's procedures. Delegating this function to 3rd parties is not permitted. | ||