Eddy Nigg wrote:
Update: One of the CA roots requested for inclusion is valid until 2030:
S-TRUST Authentication and Encryption Root CA 2005:PN
Valid until: 06/22/2030 02:59:59
The above mentioned issue does not apply to this root. Incidentally this
root was also included at Microsoft, the others not. There is no
objection to include the "Authentication and Encryption" root from
S-Trust as far as I can see.
I agree on the inclusion of "S-TRUST Authentication and Encryption Root
CA 2005:PN", and so I'm going to go ahead and formally approve that.
On the inclusion of the other roots, there is nothing in our policy that
addresses the issue of short-lived roots. However the consensus seems
to be that this practice is not actually legally-required, and it does
pose a burden on us. I'm therefore OK with not including the other roots
for now, and encouraging S-TRUST to move to a scheme where they use a
longer-lived root for these certs.
Kathleen, could you post a summary to bug 370627, and then ping me for
final approval?
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
