Eddy Nigg (StartCom Ltd.) wrote:
> Under section 6 of the Mozilla CA policy
> (http://www.mozilla.org/projects/security/certs/policy/) it states:
> /provide some service relevant to typical users of our software products/
>
> This CA seems to issue certificates to Austrian citizens only

Are Austrians not users of our products? :-)

Every CA has a market that it serves. There is no obvious bright and clear line where we can divide CAs into "providing services relevant to typical users" and not; the language is intentionally vague.

We have been asked to include certificates for extremely large (hundreds of thousands of users) albeit closed health and academic PKI systems. We are considering how to respond. As we discovered when we considered the applications from sub-national government entities, there's no easy way to draw this line.

One might say "we want to avoid roots which are only there for the benefit of a single company's business" - but then Visa applies, which has a billion cardholders, millions of retailers and thousands of banks. Is it not in the interests of the project to include their root? It's a hard problem.

> Also I wonder which CA root applies to which one from the
> list on http://signatur.rtr.at/en/providers/providers/atrust.html
> The naming convention of the roots is not consistent with
> http://www.mozilla.org/projects/security/certs/pending/#id0x0e6c3390
> making it impossible to refer to the correct entry.

The CA can choose what friendly names they like for their website and for the store; any confusion is their problem. You can check which cert is which by comparing fingerprints.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
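
Added example, not part of the original message: one way to do the fingerprint comparison mentioned above, pairing certificates that carry different friendly names in a published list and in a store. All names and certificate bytes are constructed placeholders (not real certificates), and SHA-256 is an assumed choice of digest.

```python
import base64, hashlib, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem):
    """Extract the DER bytes from the first CERTIFICATE block in a PEM string."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der):
    """A certificate fingerprint is a digest over the whole DER encoding."""
    return hashlib.sha256(der).hexdigest()

def normalize(fp):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    h = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", h):
        raise ValueError("not a SHA-256 fingerprint: %r" % fp)
    return h

def match_by_fingerprint(published, store):
    """published: {name: fingerprint string}; store: {name: PEM}.
    Returns {store name: published name or None}; friendly names are ignored."""
    by_fp = {normalize(fp): name for name, fp in published.items()}
    return {name: by_fp.get(fingerprint(pem_to_der(pem))) for name, pem in store.items()}

# --- constructed sample data: placeholder bytes, not real certificates ---
def _pem(der):
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

def _colon(der):  # fingerprint formatted the way a website might print it
    h = fingerprint(der).upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

DER_A, DER_B, DER_C = b"constructed-root-A", b"constructed-root-B", b"constructed-root-C"
PUBLISHED = {"Example Qualified Root 01": _colon(DER_A),
             "Example Premium Root 02": _colon(DER_B)}
STORE = {"Example-CA-nQual-01": _pem(DER_B),
         "Example-CA-Qual-01": _pem(DER_A),
         "Unlisted Root": _pem(DER_C)}

if __name__ == "__main__":
    for store_name, site_name in match_by_fingerprint(PUBLISHED, STORE).items():
        print(f"{store_name!r} -> {site_name or 'NO MATCH in published list'}")
```

A store entry that maps to no published fingerprint is the case to investigate by hand, whatever its friendly name suggests.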