[cabf_validation] Discussion on improvements for automation in the context of EV certificates
Christophe Bonjean
christophe.bonjean at globalsign.com
Thu Nov 2 13:18:09 UTC 2023
Hi all,
As a forum, without a doubt one of our goals is to consider areas of
automation. In this context, we believe that there are a few areas where the
language of the EV Guidelines is ambiguous, and this ambiguity may
unnecessarily hinder the goal of automation.
A few areas that we want to highlight:
Due diligence requirement and how it relates to automated processes like
domain validation
All the verification processes and procedures are subject to review by
someone who is not responsible for the collection of the information. Does
this requirement make sense for elements like domain validation which can be
completely automated? What is the added value of making the automated domain
validation subject to the review by a person?
Delegation of the final cross-correlation to Enterprise RA
What exactly is in scope of this delegation? How does it differ from the
role of a Certificate Approver?
We would like to see if there's an opportunity and appetite to clarify some
of the language surrounding these topics.
Could this possibly be added to the agenda?
Christophe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20231102/f8e72dc2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8477 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20231102/f8e72dc2/attachment.p7s>
More information about the Validation
mailing list