EV requires OCSP. I believe that Mozilla requires OCSP to be functional else it won't pass the internal EV checks to show the green bar (please correct me if I'm wrong).
So, by my reading (and subject to the possible misbelief above), even if the root is enabled for EV it won't necessarily work for the EV functionality requested. This may be a marketing sticking point for SecomTrust, but I do not believe that it is a Mozilla issue to resolve. If Mozilla violates the EV guidelines by showing a green bar even when OCSP fails, then this root needs to not be enabled for EV, even if admitted to the root list. -Kyle H On Mon, Feb 2, 2009 at 5:37 PM, Eddy Nigg <eddy_n...@startcom.org> wrote: > On 02/03/2009 03:20 AM, Gen Kanai: >> >> Frank filed the inclusion request for SecomTrust on Dec. 8th, 2008. >> >> As we're almost 2 months past the discussion period for this request, >> I'd like to reconfirm that there are no other open issues. >> >> If there are any open issues, SecomTrust is eager to resolve them asap >> in order to have the cert included in the next possible version. >> >> Your comments would be appreciated. >> > > According to Frank, he has reviewed the audit reports which isn't public. > This might be a problem. > > Also because SecomTrust apparently doesn't use an OCSP responder and isn't > required to do so for another year, Firefox has no way to check the > certificates status. Firefox intends to treat such certificates as non-EV at > least as I understood. This might be another problem. > > As such there should be an answer in this respect in order to add the > SecomTrust EV root or have them correct whatever needs to be corrected. > > Cross-posting to the bug as well. > > -- > Regards > > Signer: Eddy Nigg, StartCom Ltd. > Jabber: start...@startcom.org > Blog: https://blog.startcom.org > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
