Eddy, it was certainly never my intention to lead you to conclude that the COMODO Certification Authority root certificate "will only issue EV certificates and should be enabled for EV only".
What I actually said was: "I can assure you that Comodo never issue DV and EV certs from the same *Intermediate* CA". I did not mention Root CAs in this statement. On reflection, it occurs to me that "Intermediate" and "Root" are perhaps not the best words to use, since the now widespread use of cross-certification blurs the distinction somewhat. Perhaps the following statement is clearer: I can assure you that Comodo never issue End-Entity DV and EV certs from the same Issuing CA. In the same message, I also said "...we really need to have generic (rather than purpose-specific) trust anchors". So, please change the details on the "Pending" page back to how they were. As per Bug #401587 Comment #0, we still really do want the COMODO Certification Authority to be enabled for "All 3" purposes: DV, IV/OV and EV. Now, Frank has said "At present there are two subordinate CAs under the "COMODO Certification Authority" root: "COMODO EV SSL CA" and "COMODO EV SGC CA". These two subordinates are the issuing CAs for end entity certs." This statement is correct, as long as you don't interpret "...there are two..." as "...there are only two and will only ever be two...". As it happens, we also have a further subordinate CA under COMODO Certification Authority, which we already use for issuing one of our brands of DV certificate. We also have plans to issue an IV/OV subordinate at some point. As before, I'll defer to Robin Alden to answer any CPS-related questions you may have about this. I apologize on behalf of Comodo if we have inadvertently omitted to draw your attention to some of this information sooner. I spoke to Robin Alden earlier today. He hopes to be able to reply to at least some of your questions today. On Tuesday 18 March 2008, Eddy Nigg (StartCom Ltd.) wrote: > Frank Hecker: > > Comodo has applied to (among other things) add a new EV root CA > > certificate for the *COMODO Certification Authority* to the Mozilla root > > store, as documented in the following bug: > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=401587 > > > > Note that this request specifically refers to the COMODO Certification > > Authority root CA certificate referenced in comment #16 to bug 401587: > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=401587#c16 > > The details at the "Pending" page have been updated by Frank concerning > this CA root. There are no objections to adding this root, but please > note that this root will only issue EV certificates * and should be > enabled for EV only, provided if and when we have that capability in > NSS. Perhaps we want to open a catch-all bug for such roots which are > added under this condition. > > * Confirmed by Rob Stradling from Comodo. -- Rob Stradling Senior Research & Development Scientist Comodo - Creating Trust Online Office Tel: +44.(0)1274.730505 Fax Europe: +44.(0)1274.730909 www.comodo.com Comodo CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto