Re: PositiveSSL is not valid for browsers

Thu, 01 Jan 2009 15:20:18 -0800 

On 01/01/2009 11:36 PM, Gervase Markham:

Eddy Nigg wrote:

Yes, basically we need a class or type in between DV and EV, preferable
defining DV clearly as well. EV is clearly maximum, whereas DV is
clearly minimum.


EV is definitely not maximum. There's a load more stuff that could be
done (some of which I wanted, like site visits) which we didn't get.



Yes of course. EV is _currently_ the maximum validation CAs will do for 
the bucks as it seems. I'm not aware of offerings proposing anything 
else by judging those of the most popular CAs. But maybe your are right 
and there might be room for a fourth (high-high) class even.





There is a middle ground ignored which is bad. There
are organizations which can't be validated according to EV, they would
certainly benefit from it.


For example?


Anything out of this list: https://www.startssl.com/?app=30#requirements


Self-employed and small business of different types and forms which are 
legal businesses in many countries are exempt. Not speaking about 
individuals which are out of the scope of EV. That's where the middle 
Class comes in.





Besides that, I believe there is also a need
for IV. From my experience there are many subscribers which don't need,
want or can do EV, but nevertheless want something more than DV. The
same is for the relying parties.


You mean that want a price point in between DV and EV? :-)



Yeah also. And why not? For many EV is an overkill, DV is too little and 
many would provide attestation about their identity and organization 
(which is way better than DV). I have been consistent in my view in this 
respect. It comes from my day-to-day experience.



Additionally, there are certain types of certificates (like wild cards) 
which would benefit from higher validation too. Unfortunately EV 
disallows wild cards, hence they are lumped together with the DV pool 
(and again, also here with its maximum requirements CAs are willing to 
do for domain validation).


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

























					Reply via email to