I guess comodo may use WOT (WEb of Trust) to make sure the identity of the certificate matches the identity of the person.

we don’t use WOT, we use good old fashion, proven techniques for digital certificates…
however, the issue we are facing today is not that cert is well validated or not, but a much wider and simpler problem of, noone is securing email or using certs to secure it… stage one is to get people to secure their emails… then we can improve the levels of validation for certs.