That the person who received the certificate from them was in control of the domain (for some definition of "control" that meets Comodo's standards) at the time the certificate was issued. I've never tried to get a wildcard from Comodo, personally, but since there's no O section of the certificate I assume Comodo didn't do anything beyond "do you control the DNS" or "do you control certain email addresses".
This is at least less wasteful of time and effort on everybody's part than Comodo verifying that a specific company or person was actually involved; again, I don't trust ycombinator any more than I trust someone impersonating ycombinator, so any 3rd party verification is kind of pointless to me.
This is at least less wasteful of time and effort on everybody's part than Comodo verifying that a specific company or person was actually involved; again, I don't trust ycombinator any more than I trust someone impersonating ycombinator, so any 3rd party verification is kind of pointless to me.