Comment by wnevets

14 hours ago

> In addition to all of the authentication steps CAs take for DV and OV certificates, EV certificates require vetting of the business organization’s operational existence, physical address and a telephone call to verify the employment status of the requestor. [1]

[1] https://www.digicert.com/difference-between-dv-ov-and-ev-ssl...

Tying a phone number to a physical address and company is a lot more useful than just proof of control over a domain. Of course its not 100% fool proof and depends on the quality of the CA but still very useful.

4 comments

wnevets

Reply
matrss  14 hours ago

> Tying a phone number to a physical address and company is a lot more useful than just proof of control over a domain.

It might be useful in some cases, but it is never any more secure than domain validation. Which is why browsers don't treat it in a special way anymore, but if you want you can still get EV certificates.

monerozcash  13 hours ago

It was easy to provide the information for an existing business you're completely unrelated to. Reliably verifying that a person actually represents a company isn't possible in most of the world.

  • fpoling  12 hours ago

    Many countries has official register of companies with at least post box address. Requiring to answer a physical letter sent to an address from the central register will be much more reliable.

    • monerozcash  11 hours ago

      Sure, and then someone just registers a company with the exact same name in another jurisdiction and EV is thwarted anyway