On 28/03/12 02:29, John Nagle wrote: > The CA Browser Forum is tightening up standards. > The rules on certs change July 12, 2012, and will be much tighter > thereafter. There will be three levels of certs - "domain control > only", "organization validated", and "extended validation". > "Domain control only" is for blogs. Anything that takes a credit > card should have at least "organization validated". Financial > institutions should have EV.
It's worth pointing out that this is John's interpretation of the BRs, not the CAB Forum's. The BRs do not explicitly split certs into these three levels, nor do the recommend what types of cert should be used for what services. Additionally, Mozilla has no plans to change our UI to recognize more than the current two levels (EV, and everything else). Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
