Glossary of terms for validation, derived from Mozilla's Glossary

Validations in Relationship

Rough relationship:

Old Class

Individual

Organisation

Check conducted

III

?

EV

"Extended"

II

IV

OV

Basic Identity

I

AV

DV

Simple control

Purpose

S/Mime, login/auth

HTTPS, code-signing

Notes:

Glossary

AV (address validation). Verification of the control of an email address of an email account, only. Intended for certificates issued to individuals (assumption) for use with S/MIME email.

More formally, Mozilla may define: AV certificates as certificates containing an emailAddress attribute or Subject Alternative Name extension with a value (or values) apparently corresponding to an RFC 822 email address, for which the CA makes claims (e.g., in the CPS) that it has in some way validated that the address in question is owned and/or legitimately controlled by the certificate subscriber, and for which the CA makes no claims as to the validity of any individual identity stored in the Common Name attribute of the certificate.

DV (domain validation). Verification of the control of a domain. Intended for certificates for SSL/TLS-enabled sites.

More formally Mozilla may define: DV certificates as certificates containing a Common Name (CN) attribute or Subject Alternative Name extension with a value (or values) apparently corresponding to one or more actual Internet domains, for which the CA makes claims (e.g., in the CPS) that it has in some way validated that the domain(s) in question are owned and/or legitimately controlled by the cert subscriber, and for which the CA makes no claims as to the validity of any organizational identity stored in the Organization attribute of the certificate.

EV (extended validation). EV certificates are certificates that are validated according to the guidelines laid out in "EV SSL Certificate Guidelines" published by the CA/Browser Forum.

IV (individual validation or identity validation). Verification of an individual or an individual's identity. Intended to support issuance of email, SSL/TLS client authentication, and other uses for individuals rather than organisations.

More formally Mozilla may define: IV certificates as certificates containing a Common Name (CN) attribute with a value apparently corresponding to an actual named individual, for which the CA makes claims (e.g., in the CPS) that it has in some way validated that that value corresponds to the individual identity of the certificate subscriber.

OV (organization validation). Verification of an organisation. Intended to support and provide information for certificates issued to organizations (including corporations, government agencies, NGOs, etc.) for SSL/TLS-enabled sites, code signing, and other uses.

More formally Mozilla may define: OV certificates as certificates containing an Organization (O) attribute with a value apparently corresponding to an actual organizational entity (i.e., as opposed to a value like "Not validated"), for which the CA makes claims (e.g., in the CPS) that it has in some way validated that that value corresponds to the organizational identity of the certificate subscriber.


CategoryGlossary

Glossary/Validation (last edited 2016-06-29 14:30:48 by AlesKastner)