Frank Hecker wrote: > DigiNotar has applied to add a new root CA certificate to the Mozilla > root store and enable it for EV, as documented in the following bug: > > https://bugzilla.mozilla.org/show_bug.cgi?id=369357 <snip> > I have evaluated this request, as per the mozilla.org CA certificate > policy: > > http://www.mozilla.org/projects/security/certs/policy/ > > and plan to officially approve the request after a public comment period.
Based on the results of the public comment period, this application is in sort of a half-way state: The basic inclusion request (for SSL and object signing trust bits only) looks good, but there are some remaining open questions regarding enabling DigiNotar for EV (mainly Eddy's concern about EV re-audit). Rather than delay this application indefinitely until those questions get resolved, I've decided to proceed in two steps. For step 1 I'll be formally approving inclusion of the DigiNotar root in NSS, with SSL and object signing trust bits enabled (no email trust bit). In step 2 I'll make a decision about approving the DigiNotar root for EV, once we have more information. Formal approval for step 1 will follow shortly. Frank P.S. Note that I'm shortening the normal public comment period somewhat. I'm doing that because based on the public comments I see no impediment to including the root for basic SSL and object signing, and I'd like to have Kai include it with the NSS changes for Network Solutions. The issues still under discussion are the email issue and the EV audit issue. The comment period remains open as far as those issues are concerned. -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
