Comment by jrochkind1
11 years ago
With basic certs, the CA just verifies that the entity controls the website the cert is being issued for. The OP explains how Let's Encrypt will do that. (And if they appeared not to be doing that, no software vendors would include the CA in the trust list).
With an "Extended Validation" cert, the CA additionally verifies that they are who they say they are on the cert (not just that they control the (web)sites the cert was issued for). I'm not sure if Let's Encrypt plans on issuing EV certs, but if they are, they will have to comply with whatever verification standards are standard, in order for vendors not to revoke them from trusted stores. Same as anyone else.
Further upthread, Josh (one of the other people working on the project) explained that Let's Encrypt currently only has plans to issue DV certs, not EV certs.
https://news.ycombinator.com/item?id=8624634
This is because of the automation aspect. EV cert issuance involves a human being looking at offline identity; DV issuance involves proofs of control that can be checked online by a computer, just as existing DV issuance by existing CAs is based on such checks.