Hi Sandor, You can follow the ballot status in the Server Certificate Working Group mail archives here: https://cabforum.org/pipermail/servercert-wg/ and specifically in this thread: https://cabforum.org/pipermail/servercert-wg/2019-April/000723.html
Voting will start at least a week after the final proposal is reviewed and no comments are made to change it. Doug -----Original Message----- From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of Sándor dr. Szoke via dev-security-policy Sent: Thursday, April 18, 2019 5:11 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Organization Identifier field in the Extended Validation certificates accordinf to the EVG ver. 1.6.9 Thank you for the valuable information. I try to summarize the possibilities to issue PSD2 QWAC certificates. - If a CA issues PSD2 QWAC certificate now, it SHALL NOT include the CABF EV CPOID in it, but instead of that the certificate should contain the CABF OV CPOID value. - If the CA issues PSD2 QWAC certificate with CABF OV CPOID, the issuing CA can not be EV enabled by the browsers and it will never be EV enabled because it has already issued not EVG compliant certificate (is it correct?). - If the Ballot SC17 will be accepted it will be possible to issue PSD2 QWAC certificate with the CABF EV CPOID in it, so the issuer CA can be EV enabled AND EU Qualified at the same time. As a consequence, - if a CA issues PSD2 certificate now, it shall set up new intermediate CA-s for the issuance of EV certificates which shall be audited and asked for the EV enabled status It seeems to me that the best would be to wait for the result of the Ballot SC17 voting and not to issue PSD2 certificates now. Do you have any information about the planned date/schedule of the voting? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy