Heikki Toivonen wrote: > > The EV draft states auditing by WebTrust *or equivalent*. > We made already a proposal for defining *equivalent*, to which there was no reply until now. Just to you inform you, that StartCom requested membership on the grounds of the following criteria as received from Tim Moses of the CA/B Forum:
"CA/Browser Forum members shall meet at least one of the following criteria. "1. The member organization operates a certification authority that has a current and successful WebTrust for CAs audit report (or equivalent) and that actively issues certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers. "2. The member organization operates a certification authority that has a current and successful WebTrust for CAs audit report (or equivalent) and that actively issues certificates to subordinate CAs that, in turn, actively issue certificates to Web servers that are openly accessible from the Internet using any one of the mainstream browsers. "3. The member organization produces a software product intended for use by the general public for browsing the Web securely using SSL." Our application for membership was rejected because of their interpretation of *equivalent*, as expected! There is no *equivalent! *They obviously must be very afraid of StartCom, since this request was a bout membership, not issuance of EV certificates. It is interesting to note, that three out o four browser vendors accepted StartCom as a trustworthy certification authority (This is Mozilla and KDE, with Opera only depending on a down payment, which is a policy Opera intended to revise or are in the process of revising). Needless to say, that StartCom fulfills all the required criteria above with the word *equivalent *depending interpretation only*! * We hope, that Mozilla has the ability to change that decision taken by the CA/Browser Forum and get rid of the WebTust monopole which Microsoft and perhaps other CA's maintain. -- Regards Signer: Eddy Nigg, StartCom Ltd. Phone: +1.213.341.0390
_______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security