CA/Forbidden or Problematic Practices: Difference between revisions

CA/Forbidden or Problematic Practices (view source)

67 bytes added , 4 March 2010

m

Confirmed users, Administrators

5,526

edits

Revision as of 19:39, 3 March 2010 (view source) Kathleen Wilson (talk \| contribs) (→‎Other considerations when updating the CA Certificate Policy) ← Older edit		Revision as of 18:51, 4 March 2010 (view source) Kathleen Wilson (talk \| contribs) m (→‎Validate all Data included in Certificates) Newer edit →
Line 155:		Line 155:
	=== Validate all Data included in Certificates ===		=== Validate all Data included in Certificates ===

	Only data that has been verified to be correct should be included in a certificate. All information that is supplied by the requester must be verified to be correct before it may be included in the certificate. ~~Alternative~~ names need to be validated just as well as the subject. ~~For example~~, if only the email address of the certificate subscriber is verified, then ~~only~~ the ~~email address~~ should ~~be included in~~ the ~~certificate~~.		Only data that has been verified to be correct should be included in a certificate. All information that is supplied by the requester must be verified to be correct before it may be included in the certificate. For example, for SSL certificates, alternative names need to be validated just as well as the subject. And for email certificates, if only the email address of the certificate subscriber is verified, then the CN should not include any unverified element that the subscriber supplied.