On Oct 18, 2019, at 6:39 PM, Peter Bowen <pzbo...@gmail.com> wrote: > > >> On Fri, Oct 18, 2019 at 6:31 PM Peter Gutmann via dev-security-policy >> <dev-security-policy@lists.mozilla.org> wrote: > >> Paul Walsh via dev-security-policy <dev-security-policy@lists.mozilla.org> >> writes: >> >> >I have no evidence to prove what I’m about to say, but I *suspect* that the >> >people at BSI specified “EV” over the use of other terms because of the >> >consumer-visible UI associated with EV (I might be wrong). >> >> Except that, just like your claims about Mozilla, they never did that, they >> just give a checklist of cert types, DV, OV, and EV. If there was a Mother- >> validated cert type, the list would no doubt have included MV as well. > > I think this is even easier. Kirk linked the article which links to the > actual requirements at > https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Mindeststandards/Mindeststandard_Sichere_Web-Browser_V2_0.pdf > > In section SW.2.1.01, it says "Zertifikate mit domainbasierter Validierung > (Domain-Validated-Zertrifikate, DV), mit organisationsbasierter Validierung > (Organizational-Validated-Zertifikate, OV) sowie Zertifikate mit erweiterter > Prüfung (Extended-Validation-Zertifikate) MÜSSEN unterstützt werden". > > Bing Microsoft Translator says the English translation is "Certificates with > domain-based validation (domain-validated certrifikate, DV), with > organization-based validation (Organizational-Validated Certificates, OV) as > well as certificates with Extended Validation Certificates MUST be supported" > > This appears to be the only reference to EV in the requirements. Given the > discussion has been around moving the UI treatment of EV to match OV (versus > having a distinct EV-only UI treatment, I don't think there is likely to be > any impact on the BSI conformance results.
[PW] *Fact* - none of us know. So let’s find out. Assuming to know what a customer / stakeholder thinks is a rookie mistake. The BSI is a major “implementation” and for that reason, I hope Mozilla offer an opinion and to learn more. it’s a great opportunity to find out what their perception is. This forum is like an unhealthy religious cult where people aren’t open to being wrong about anything. Can we try to find common ground - such as our desire to help make the web safer. - Paul > > Thanks, > Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
