On 2019-11-13 7:40 a.m., Alan DeKok wrote: > On Nov 12, 2019, at 3:13 PM, Cappalli, Tim (Aruba) <t...@hpe.com> wrote: >> How does a public CA prove ownership of an SSID? > Do public CAs *always* verify addresses and/or telephone numbers, which are > normally included in certificates?
They are? I've rarely seen it. I think that if it's in the certificate, then they have verified them. I can remember in the bad old days providing CAs with notorized articles of incorporation, etc. I haven't done that this decade though, and I haven't seen that kind of info. CAs won't include anything they can't verify. > Do public CAs verify that email addresses in the certificate work? yes, they do by sending a challenge to it. > Do public CAs verify that the OIDs in the certificate match the intended > use-cases? Most won't include OIDs. > Is there a global registry of SSIDs which the public CA could use to verify > the SSID? No, SSIDs are a local matter. One could (and I do), use FQDNs as the SSID. That's the only way I can see this working. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
