Gervase Markham wrote:
It has been suggested a few month ago already and Mozilla perhaps needs to make a decision about what to do with it. Perhaps another alternative might exist as well, should this be not the preferred approach.However, it would certainly be possible for the Mozilla Foundation to lobby for a change in the CA/Browser Forum membership rules, should it choose to do so.
So personally I'm very much in favor of *opening* up the *audit* procedures and suggest / build a auditor profile and realistic requirements of the audit firm. This would most likely result in more CAs (and not only StartCom) being able to issue certificates according to this guidelines and as some suggested "improve" the whole Internet...It would however also result in more transparency what auditing of the CAs concerns. (Or does anyone know how CAs are audited in first place? If not, so how does anyone know if it is sufficient?) I think the guidelines and audit of the CAs are related as the two parts of the egg...But currently one knows only about the first part of it (The Guidelines), but one knows nothing about the second part (The Audit), even so they are more than related to each other...
Actually membership isn't the most important thing at the CA/Browser Forum, but they demonstrated their attitude in the best way they could! StartCom doesn't need the membership, it needs to be able to issue the same certificates...As I indicated previously (in the conspiracy theory ;-) ), Mozilla can make a difference today, because without Mozilla, there simply will be no EV!!! It will be useless, even so Verisign touts currently "/high security Web browsers such as IE7/" at their FAQ page, because the "/high security browser/" in question "owns" only half of the Internet today at best.... :-DI wouldn't be able to comment on the likelihood of our succeeding.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
