DigiNotar has applied to add a new root CA certificate to the Mozilla root store and enable it for EV, as documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=369357 and in the pending certificates list: http://www.mozilla.org/projects/security/certs/pending/#DigiNotar I have evaluated this request, as per the mozilla.org CA certificate policy: http://www.mozilla.org/projects/security/certs/policy/ and plan to officially approve the request after a public comment period. Note that there was an issue with DigiNotar's EV audit because at the time its production CA software did not have the necessary features to issue EV certificates; the software has since been upgraded and DigiNotar has since successfully issued EV certificates. My inclination is to accept the EV audit as suitable for our purposes, since our main interest is in the audit of DigiNotar's validation procedures, and we can verify technical correctness of the actual EV certificates ourselves. Frank P.S. to Nelson: I've changed the status whiteboard in the bug and checked in a change to the pending list (not yet on the site) to mark DigiNotar as 'pending'. -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto