Frank Hecker: > Frank Hecker wrote: >> I am now opening the first public discussion period for a request from >> Comodo to add the Comodo ECC Certification Authority root certificate >> to Mozilla and enable it for EV use. This is bug 421946, and Kathleen >> has produced an information document attached to the bug. >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=421946 >> >> There's a summary of the information also available at >> >> http://www.mozilla.org/projects/security/certs/pending/#Comodo > > The first comment period has closed, and I've made a preliminary > decision to approve this request, per comment #17 in bug 421946. The > second public coment period now begins, after which I'll make a final > decision. >
As per your comment in https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you state that no problematic practices associated with this CA, but I found that in section 2.4.1 domain validated wild cards are issued, which is listed in http://wiki.mozilla.org/CA:Problematic_Practices#Wildcard_DV_SSL_certificates But I'm not sure which type the ECC certificates belong to (which letter under section 2.4.1) in which case e) might not apply. Oh and f) is also interesting ;-), I wonder how many "localhost" certificates were issued so far... This CP/CPS also covers certificates with a validity of 10 years which is again listed in http://wiki.mozilla.org/CA:Problematic_Practices#Long-lived_DV_certificates Also here, I had difficulty to confirm if this applies to the ECC certs or not. Maybe Rob can clarify this here? -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
