On 16/12/08 23:04, Frank Hecker wrote:
Eddy Nigg wrote re S-TRUST issuing new root certificates annually:
Please feel free to mention this issue in the bug. However I suspect that S-TRUST is constrained in its practices by the relevant German laws and/or EU directives. Unfortunately I couldn't find any references that address this particular issue.
I don't see it in Annex II of DIRECTIVE 1999/93/EC, which would be the technical place if it was in the Directive. It is also not in the SigG which is the German implementation of the directive.
(The way it works is that the EU directive binds the governments, which have to pass laws to bind the people. So the directive does not bind the people, or in this case the CA.)
It is most likely in the regulations that are created by the regulating agency; that is the way these things work. I think that is the telecommunications regulator. Likely, these things are not translated into English. (The simplification of "law" is often meant to include these things.) If you really wanted to do see it, the thing to do would be to ask for the specific regulations, and get them translated.
Just some thoughts! iang _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
