Eddy, > > [Robin said...] > > Our main current objection to them is on grounds of maintaining a level > > commercial playing field among all CAs (in the Mozilla root program). > > > Robin, just for your knowledge that most if not all CAs which have roots > in NSS, are commercial CAs. Most, if not all CAs, don't perform the > practices your CA apparently does and which I view as a heightened risk. > That's also the reason why this issue has come up with your requests at > this time. Because of my involvement with the NSS team, I had the chance > to read enough CPSs from a wide range of CAs in order to positively > confirm that. > > In that respect it's your CA which introduces an unfair balance in the > commercial playing field. But should I encourage now to have all other > CAs adopt your risky behavior? At various occasions you referred to your > commercial obligations, but what about your other obligations to the > industry and to the relying parties, Mozilla being one of them? Most, if > not all other CAs present in NSS, are aware of their responsibilities > and duties beyond the commercial aspect and your CA is in the very > minority! Lets maintain an even and fair level in every respect, which > would call out for your CA to adjust! [Robin said...] If I understand you correctly you are saying that considering lack of evidence to the contrary you believe that Comodo is solely responsible for lowering the standard of DV certificate issuance in these two respects?
You are probably more familiar with our competitors CPSs than I am so perhaps you can explain to me how certificates such as the ones at https://www.beileysoftware.com/fm.html (10 year DV), and https://iah.unc.edu (10 year wildcard DV) relate to the matter in hand? We are keen to meet Mozilla's requirements and we certainly will not knowingly let our standards be below those of the rest of the market. I genuinely hope that you are correct in this matter and that my understanding is wrong, because if we can raise the standard of the DV marketplace as a whole by modifying our own policy we will do so. On the other hand, I will not be able to act to raise our standards if our competitors are not obliged to reach the same standard. Regards Robin _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
