Gervase Markham wrote:
How does your proposal ensure that the CAs stick to what they have
promised - i.e. that the OID they put in the certificates corresponds
to the level of validation done? Do we just have to trust them?
Actually yes. In my proposal this is exactly the case, the same as
to
Eddy Nigg (StartCom Ltd.) wrote:
I'm sorry, but I can't work it out - what does the abbreviation
"resp." stand for?
It stands for "respective".
Ouuups, it stands for "Respectively" of course...
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
Gervase Markham wrote:
We need to make sure that the audit firm a CA uses is trustworthy
Right up to here...
to assess under the Webtrust guidelines.
Not!
Who better to decide that than the people who wrote the guidelines?
Mozilla does! Please read sections 9 - 12 from
http://www.mozilla.org
Hi Gerv,
Gervase Markham wrote:
Just to be clear: this is, at heart, a UI proposal, isn't it? You want
the UI to differentiate between these four levels, rather than just
the one level (as now) or two levels (as IE 7 does with EV)?
Before you can do anything with the UI, there needs to be an
I've only had time to skim the proposal for the moment, but will
return and pay it full attention when I get a bit more .. some quick
thoughts, though:
- having NSS or the underlying platform recognize certs as being one
of these varying levels sounds like a good idea
- the levels must mean some
Eddy Nigg (StartCom Ltd.) wrote:
Following discussions both in private and at the dev-security mailing
list of Mozilla with various participants, we decided to put forward the
following initial proposal of a framework for the handling of SSL/TLS
and S/MIME digital certificates in Mozilla produc
Eddy Nigg (StartCom Ltd.) wrote:
Gervase Markham wrote:
Eddy Nigg (StartCom Ltd.) wrote:
So personally I'm very much in favor of *opening* up the *audit*
procedures and suggest / build an auditor profile and realistic
requirements of the audit firm.
What makes you say that Webtrust's own cri