Frank Hecker: > I am now opening the first public discussion period for a request from > Wells Fargo to add the WellsSecure Public Root Certificate Authority > root certificate to Mozilla and enable it for EV use. This is bug > 428390, and Kathleen has produced an information document attached to > the bug. > > https://bugzilla.mozilla.org/show_bug.cgi?id=428390 > > There's a summary of the information also available at > > http://www.mozilla.org/projects/security/certs/pending/#Wells%20Fargo > > Some points worth mentioning about this request: > > * This is a new root (though note that Wells Fargo has an older root > already in Mozilla). Initially it will have a subordinate CA used for > issuing EV SSL certs, but as I understand it Wells Fargo will > potentially use the hierarchy under this root for other types of certs > (both EV and non-EV). > > * The "flag problematic practices" section at the end of the info > document has the sentence fragment "Issuing end entity certs directly > from root rather than using an offline root and issuing certs through a > subordinate CA". That's just the reference to checking for the practice. > Kathleen forgot to add "(no)" or "(not an issue)" afterwards; Wells > Fargo issues end entity certs through subordinate CAs. > > & The same comment as in the previous item applies to the "Long-Lived > Domain-Validated SSL certs" items; to my knowledge Wells Fargo does not > issue long-lived DV certs. > > This first public comment period will be for one week, and then I'll > make a preliminary determination regarding this request. >
Frank, I'd like to know (again) what our policy is in regards of EV audit requirements. As I understand from the bug report, Wells Fargo didn't actually absolved the EV audit, but some EV readiness audit. I think we are past the time where we'd accept such audits? -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
