Eddy Nigg (StartCom Ltd.) wrote:
> But our Mozilla policy hasn't kept pace with the developments of the CA
> industry and that of its browser, except the addition of the EV
> criteria. Effectively the Mozilla CA policy remained static since its
> introduction, which is perhaps desirable (that a
As I promised to come back to you, here what I gathered so far.
Both certificates from the links below are issued by GoDaddy. Both
GoDaddy and Comodo CPS have similar requirements in the subscriber
obligation and/or reasons for revocations:
Starfield (GoDaddy)
2.2.1.4 (iv) the Subscriber f
Frank Hecker:
> Nelson B Bolyard wrote:
>
>> But I believe we have already decided, in principle, to approve certs for
>> CAs that are subordinate to some root that is not approved, when the
>> subordinate CA meets the criteria, but the root does not.
>>
>
> Yes, I recall this discussion. H
Nelson B Bolyard wrote:
> But I believe we have already decided, in principle, to approve certs for
> CAs that are subordinate to some root that is not approved, when the
> subordinate CA meets the criteria, but the root does not.
Yes, I recall this discussion. However in the KISA case my opinion
Frank Hecker:
> Microsoft has taken an interesting approach to this problem, one that I
> think is worth discussing:
>
> "[F]or government CAs who issue certificates to secure government to
> government or citizen to government transactions, Microsoft will accept
> a statement from a government
Kyle Hamilton:
> I want a user interface which allows me -- at a minimum -- to see what
> CA signed a given certificate, how that CA is in my store (whether it
> was provided by Mozilla or the administrator or through my own
> action), the subject of the certificate, and the validity period of
> th
Frank, in order to continue the discussion below I really want to
understand first
1.) If our stated goal is simply to facilitate the inclusion of as many
CAs as possible
2.) If the principals guiding us are limited to the Mozilla CA policy only
3.) And if is, what we want, simply to provide jus
Frank Hecker wrote, On 2008-03-30 04:29:
> Eddy Nigg (StartCom Ltd.) wrote:
>> OK, so in that case KISA itself is becoming an auditor. Would KISA then
>> issue audit reports about the various CAs in question? What would be the
>> pros and cons of having each licensed CA approved instead of KISA a
Hi,
I managed to get generateCRMFrequest () to work with ease.
However, the next step seems a bit harder since
http://developer.mozilla.org/en/docs/importUserCertificates
talks about an CMMF object that doesn't seem to be commonly known.
I believe that Robert Relyea has answered this in some forum
Eddy Nigg (StartCom Ltd.) wrote:
> I agree with everything you said below for regular, standard CAs. This
> is what the policy knew when it was written. There is a CA, they have a
> root and some intermediate CA certificates (according to the
> recommendations after all), they are one entity tak
On 3/30/2008 4:57 AM, Eddy Nigg (StartCom Ltd.) wrote:
> Hi Frank,
>
> I agree with everything you said below for regular, standard CAs. This
> is what the policy knew when it was written. There is a CA, they have a
> root and some intermediate CA certificates (according to the
> recommendation
And in continuation to the other posts I made:
- Do we require an audit in the Mozilla CA policy because we want to
have a third party confirmation about the CAs infrastructure and full
implementation of its policies or do we require an audit just for its sake?
- Do we require minimal validati
Hi Frank,
I agree with everything you said below for regular, standard CAs. This
is what the policy knew when it was written. There is a CA, they have a
root and some intermediate CA certificates (according to the
recommendations after all), they are one entity taking responsibility
for their
Eddy Nigg (StartCom Ltd.) wrote:
> OK, so in that case KISA itself is becoming an auditor. Would KISA then
> issue audit reports about the various CAs in question? What would be the
> pros and cons of having each licensed CA approved instead of KISA as a
> "wild card" CA for a whole country?
On
14 matches
Mail list logo