Thank you for the valuable information.
I try to summarize the possibilities to issue PSD2 QWAC certificates. - If a CA issues PSD2 QWAC certificate now, it SHALL NOT include the CABF EV CPOID in it, but instead of that the certificate should contain the CABF OV CPOID value. - If the CA issues PSD2 QWAC certificate with CABF OV CPOID, the issuing CA can not be EV enabled by the browsers and it will never be EV enabled because it has already issued not EVG compliant certificate (is it correct?). - If the Ballot SC17 will be accepted it will be possible to issue PSD2 QWAC certificate with the CABF EV CPOID in it, so the issuer CA can be EV enabled AND EU Qualified at the same time. As a consequence, - if a CA issues PSD2 certificate now, it shall set up new intermediate CA-s for the issuance of EV certificates which shall be audited and asked for the EV enabled status It seeems to me that the best would be to wait for the result of the Ballot SC17 voting and not to issue PSD2 certificates now. Do you have any information about the planned date/schedule of the voting? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
