On 01/22/2009 08:35 PM, Eddy Nigg:
I've received answers from the representative of S-Trust at the bug. As
suspect right from the beginning, there is no such law or requirement as
claimed initially that justifies the issuing of new roots every year for
a life-time of only five years. For further reference see bug 370627
from comment 47 onwards:
https://bugzilla.mozilla.org/show_bug.cgi?id=370627#c47
According to comments made by Nelson and others, I suggest to refrain
from including this CA at this time. Their model is hardly sustainable,
unnecessary complicated for no apparent benefit. Some of the documents I
reviewed from the "Bundesnetzagentur" even explicitly discourages their
implementation.
Update: One of the CA roots requested for inclusion is valid until 2030:
S-TRUST Authentication and Encryption Root CA 2005:PN
Valid until: 06/22/2030 02:59:59
The above mentioned issue does not apply to this root. Incidentally this
root was also included at Microsoft, the others not. There is no
objection to include the "Authentication and Encryption" root from
S-Trust as far as I can see.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
