|
|
|
|
|
|
by xg15
1605 days ago
|
|
|
Come on, that's not how it works. There are specific, well-defined circumstances that define what a particular legal entity (such as a company or a corporation) is and who may or may not act on its behalf. Otherwise, any kind of company could escape responsibility by simply pretending it doesn't exist and every employee just acted on their own. |
|
|
As I said, for the DNS validation we actually have pretty specific technical rules today, the "Ten Blessed Methods" (well, their modern successors) which is why we're talking about one of those methods here (tls-alpn-01 is method 3.2.2.4.20)
Today there are rules for EV but they're understandably vague, because they're talking about the problem we addressed above, eventually they get down this idea of a "Principal Individual" which can include "an employee" who is merely "authorised to conduct business" on behalf of (in our example) Bank of America and of course you're back to square one. How can we know they're authorised ?
The trick in the DNS validation is that we're asking a question machines could potentially have an authoritative answer to. Does this applicant control this DNS name. Not "Should they?". Not to "Are they authorised?" but specifically do they control it.
The non-DNS validation can't do that.