[cabf_validation] Update 3.2.2.4 for Applicants that are Individual Natural Persons

Wayne Thayer wthayer at mozilla.com
Fri Jun 1 17:05:41 MST 2018


On Thu, May 31, 2018 at 11:25 PM Dimitris Zacharopoulos via Validation <
validation at cabforum.org> wrote:

>
> The current BRs in 3.2.2.4 state that
> "For purposes of domain validation, the term Applicant includes the
> Applicant's Parent Company, Subsidiary Company, or Affiliate."
>
> which doesn't include the case of an Applicant being an Individual Natural
> Person. Since the term "Applicant" is already defined in 1.6.1, this
> sentence should probably be amended to point to 1.6.1 instead of trying to
> re-define the term.
>
The statement in section 3.2.2.4 is intended to extend the definition of
the term "Applicant" to parent and subsidiary companies for the purposes of
domain validation only. It is not intended to change or conflict with the
definition in 1.6.1. My recollection is that the statement in 3.2.2.4 was
added because some of the domain validation methods could not be used if
the domain name registrant was not the exact same legal entity as the
Applicant. In other words, the sentence in 3.2.2.4 is the same as changing
every instance of "Applicant" in that section to "Applicant, Applicant's
Parent Company, Applicant's Subsidiary Company, or Applicant's Affiliate".

> *"Applicant*: The natural person or Legal Entity that applies for (or
> seeks renewal of) a Certificate. Once the Certificate issues, the Applicant
> is referred to as the Subscriber. For Certificates issued to devices, the
> Applicant is the entity that controls or operates the device named in the
> Certificate, even if the device is sending the actual certificate request."
>
> However, there were previous discussions related to DV Certificates about
> who actually "signs" the Subscriber Agreement, especially for cases where
> the CA has no idea (i.e. does not validate) who the person or legal entity
> is behind a DV Certificate Application.
>
> As far as I can understand the current definition of an Applicant, a
> "natural person" has at least a full name and a "legal entity" has at least
> a name. Since we don't have any of that, how valid is a Subscriber
> Agreement without at least this basic information?
>
>
I view this as a separate issue worthy of some discussion. My first thought
is that the CA is required to identify some natural person or legal entity
and make them agree to the Subscriber Agreement, even if no other
verification is performed on said natural person or legal entity.
>

> I also created an issue on github
> <https://github.com/cabforum/documents/issues/96> but I thought it would
> be best to post it here for future discussion.
>
>
> Thank you,
>
> Dimitris.
>