On 01/27/2009 10:36 PM, Ben Bucksch:
On 16.12.2008 23:04, Frank Hecker wrote:
However I suspect that S-TRUST is constrained in its practices by the
relevant German laws and/or EU directives. Unfortunately I couldn't
find any references that address this particular issue.
Even if so, such a law wouldn't preclude a root *specifically for us*
that just signs all the others. Given that only browsers trust that
root, the law wouldn't care about it.
First of all there is no such law as claimed in the CP/CPS of S/Trust.
Please see the bug entries and conclusive reporting here in relation to
that. Second, I've proposed to them to issue such a root and sign their
short-living CAs from that root. This would most likely allow them to
have this root included here and other vendors as well. Of course this
requires some changes at their side including CP/CPS and auditing, but
it should be entirely possible to achieve it within less than a year. In
the meantime I propose to have their long-living root included in NSS
(if no other concerns should be raised).
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
