I am now opening the first public discussion period for a request from Wells Fargo to add the WellsSecure Public Root Certificate Authority root certificate to Mozilla and enable it for EV use. This is bug 428390, and Kathleen has produced an information document attached to the bug.
https://bugzilla.mozilla.org/show_bug.cgi?id=428390 There's a summary of the information also available at http://www.mozilla.org/projects/security/certs/pending/#Wells%20Fargo Some points worth mentioning about this request: * This is a new root (though note that Wells Fargo has an older root already in Mozilla). Initially it will have a subordinate CA used for issuing EV SSL certs, but as I understand it Wells Fargo will potentially use the hierarchy under this root for other types of certs (both EV and non-EV). * The "flag problematic practices" section at the end of the info document has the sentence fragment "Issuing end entity certs directly from root rather than using an offline root and issuing certs through a subordinate CA". That's just the reference to checking for the practice. Kathleen forgot to add "(no)" or "(not an issue)" afterwards; Wells Fargo issues end entity certs through subordinate CAs. & The same comment as in the previous item applies to the "Long-Lived Domain-Validated SSL certs" items; to my knowledge Wells Fargo does not issue long-lived DV certs. This first public comment period will be for one week, and then I'll make a preliminary determination regarding this request. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto