Frank, thanks for addressing this issue!
Frank Hecker wrote:
> As noted in the bug, I think an EV-enabled root CA cert is simply a
> special case of root CA certs in general, so we don't need a whole new
> separate policy. At the same time I don't want to revise every section
> of the existing policy, and if possible I'd like to avoid changes that
> necessitate renumbering and reorganizing the current sections of the
> policy. I'm therefore leaning toward having an EV addendum to the
> policy, and putting all the EV-related stuff there. Then we could simply
> modify section 6 ("We require ...") to add an additional paragraph
> pointing to the addendum. This would result in a version 1.1 of the
> overall Mozilla CA cert policy.
>
I also think an extension might be the better thing to do. There might
be more changes in the future (initiated perhaps by the CAB forum) which
would require more edits, additions and changes. This would leave the
current CA policy mostly as is now and in the future.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
