Re: Request to enable EV for VeriSign Class 3 G4 ECC root

2016-04-20 Thread Matt Palmer
On Wed, Apr 20, 2016 at 06:48:14AM -0700, Ryan Sleevi wrote:
> In either event, the only objection to clarifying this ambiguity in the
> Forum was raised by Symantec, and as such, a ballot to correct this
> confusion has remained stalled.

It seems fairly dysfunctional if a single member of the

Re: ISRG Root Inclusion Request

2016-04-20 Thread Eric Mill
One small thing I noticed - the CA Hierarchy diagram the bug links to is out of date:
https://bugzilla.mozilla.org/attachment.cgi?id=8660928

At a minimum, X3 and X4 now exist:
https://letsencrypt.org/certificates/

-- Eric

On Wed, Apr 20, 2016 at 4:01 PM, Kathleen Wilson

ISRG Root Inclusion Request

2016-04-20 Thread Kathleen Wilson
This request by ISRG is to include the "ISRG Root X1" root certificate, and turn on the Websites trust bit. Internet Security Research Group (ISRG) offers server authentication certificates to the general public around the world. The request is documented in the following bug:

Re: Request to enable EV for VeriSign Class 3 G4 ECC root

2016-04-20 Thread Ryan Sleevi
On Wednesday, April 20, 2016 at 7:16:12 AM UTC-7, Kurt Roeckx wrote:
> So the RFC seems to allow it to me, but a client can obviously decide
> not to do it.

I didn't say it wasn't allowed, merely that it was against the material advice of RFC 6125

Re: Request to enable EV for VeriSign Class 3 G4 ECC root

2016-04-20 Thread Kurt Roeckx
On 2016-04-20 15:48, Ryan Sleevi wrote: On Tuesday, April 19, 2016 at 10:15:16 AM UTC-7, Nick Lamb wrote: Some more thoughts (my previous substantive comments are awaiting moderation because I foolishly sent them before subscribing) 1. Historically other CAs in this family have issued