Ben Bucksch wrote:
Actually, not even that is necessary. Classes each have their own root
cert, so we can simply match root certs to level in our software, using
a list that is just as hardcoded as our root certs, and matches the
assigned levels.
That assumes CAs only issue one type of cert
Eddy Nigg (StartCom Ltd.) wrote:
Fist of all the proposal tries to structure and define SSL certificates
in the Mozilla CA policy first and foremost, about something which is
common practice. It nowhere says how, if and when the UI should
differentiate.
Oh come on, Eddy. Are you telling us
Eddy Nigg (StartCom Ltd.) wrote:
Gerv, I think you are concentrating too much on what Level 2 means,
instead of trying to see the whole picture first and which problem the
proposal tries to solve. But here a few thoughts about Level 2, since
you are insisting on it. First a few facts:
- This
Eddy Nigg (StartCom Ltd.) wrote:
Sorry? Gerv, please open a bug at bugzilla with the request to remove
all CA certificate from the NSS certificate store on the grounds, that
there is no auditing to make sure the CA was honest in terms of doing
the correct amount of verification.
I'd like to.
They are a Geotrust reseller, but also have issued hundreds of ssl
from their own FlySSL CA: http://www.registerfly.com/ssl/
They have no CPS or other documentation posted - just the statement
The following information has been self-reported by the entity to
which it relates for the purpose of
[EMAIL PROTECTED] wrote:
They are a Geotrust reseller, but also have issued hundreds of ssl
from their own FlySSL CA: http://www.registerfly.com/ssl/
It's irrelevant! There is no FlySSL in the Mozilla certificate store.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone:
Looks like there's a mix of FlySSL certs out there. Many of them are
issued from Geotrust's RapidSSL (with no reference to FlySSL in
them). But there are also many from the
ResellerFlyCertificateServices CA, which is under Comodo's AddTrust
root.
___