Confirm, administrator
5,526
edits
Changes
m
→Verifying Identity of Code Signing Certificate Subscriber
We rely on public documentation and audits of those documented processes to ascertain that the requirements of section 7 of the Mozilla CA Certificate Policy are met.
Section 7 of the [http://www.mozilla.org/projects/security/certs/policy /InclusionPolicy.html Mozilla CA Certificate Inclusion Policy] states: “for certificates to be used for digitally signing code objects, the CA takes reasonable measures to verify that the entity submitting the certificate signing request is the same entity referenced in the certificate or has been authorized by the entity referenced in the certificate to act on that entity's behalf; ”
There are various ways to confirm the certificate subscriber's identity and we don't dictate exactly how this should be done for non-EV certificates. However we must be clear that a minimum standard has been reached:
