Frank Hecker wrote: > Frank Hecker wrote: >> I am now opening the first public discussion period for a request from >> Comodo to add the Comodo ECC Certification Authority root certificate >> to Mozilla and enable it for EV use. This is bug 421946, and Kathleen >> has produced an information document attached to the bug. >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=421946 >> >> There's a summary of the information also available at >> >> http://www.mozilla.org/projects/security/certs/pending/#Comodo > > The first comment period has closed, and I've made a preliminary > decision to approve this request, per comment #17 in bug 421946. The > second public coment period now begins, after which I'll make a final > decision.
We're past the end of the second comment period, and based on all the comments up to now I'm now ready to make a final decision. Of the additional issues that came up in the second comment period, a couple (wildcard DV certs and long-lived certs) I've already dealt with in a prior request, one (multiple certs with the same FQDN) I don't see as a reason for rejection of the request (per my previous message), and one (certs with hostnames and private IP addresses) I consider now moot based on the previous public statement/commitment by Comodo. Also, I've given my opinion that issuance of certs for static public IP addresses, though not strictly speaking addressed in our policy, is in fact consistent with the intent of our policy assuming ownership/control of the addresses is verified. Based on the resolution of these issues I'm therefore officially approving the Comodo request to add the Comodo ECC Certification Authority root certificate to NSS and to enable it in PSM for EV use. I have filed bug 450427 against NSS and bug 450429 against PSM for the actual changes: https://bugzilla.mozilla.org/show_bug.cgi?id=450427 https://bugzilla.mozilla.org/show_bug.cgi?id=450429 Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto