Gervase Markham wrote:
>
> Are Austrians not users of our products? :-)
>
Sure ;-)

> Every CA has a market that it serves. There is no obvious bright and
> clear line where we can divide CAs into "providing services relevant to
> typical users" and not; the language is intentionally vague. We have
> been asked to include certificates for extremely large (hundreds of
> thousands of users) albeit closed health and academic PKI systems. We
> are considering how to respond.
>
OK.

> As we discovered when we considered the applications from sub-national
> government entities, there's no easy way to draw this line. One might
> say "we want to avoid roots which are only there for the benefit of a
> single company's business" - but then Visa applies, which has a billion
> cardholders, millions of retailers and thousands of banks. Is it not in
> the interests of the project to include their root?
>
> It's a hard problem.
>
Right! Usually any root included is interesting for the party which applied to have it included obviously. I guess, that the relevance to a typical Mozilla user is supposed to balance the business interest somewhat. Anyway, I just wanted to make aware of the limitations with this specific CA, which might be a "first" and open the door for many other local CAs to come.
If I remember right, there was a discussion on that issue? Don't remember its outcome however... Perhaps the Mozilla CA policy should be clearer in that respect and explain if a CA should be public or not (Assuming that a CA for Austria citizens only is not a public CA per se).

>
>> Also I wonder which CA root applies to which one from the
>> list on http://signatur.rtr.at/en/providers/providers/atrust.html
>> The naming convention of the roots are not consistent with
>> http://www.mozilla.org/projects/security/certs/pending/#id0x0e6c3390
>> making it impossible to refer to the correct entry.
>>
>
> The CA can choose what friendly names they like for their website and
> for the store; any confusion is their problem. You can check which cert
> is which by comparing fingerprints.
>
Can you give me an example? I can't find a way to compare anything about the certificate and the list provided. I just picked randomly one from the list: http://signatur.rtr.at/en/providers/services/atrust-asign-corporate-light.html

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
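
The fingerprint comparison suggested in the quoted reply above, as an added example that is not part of the original message or of any Mozilla tooling: it hashes the DER encoding of each certificate in a PEM bundle and matches it against a published name-to-fingerprint list, whatever separators or letter case the list uses. All function names, the friendly name and the sample data are assumptions; the sample blocks wrap constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate block in a PEM bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def fingerprint(der, algo="sha1"):
    """Hash of the full DER encoding, as upper-case colon-separated hex."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Drop separators and case so differently formatted listings compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def match_roots(pem_text, published, algo="sha1"):
    """Map each certificate's fingerprint to its published name, or None if unlisted."""
    by_fp = {normalize(fp): name for name, fp in published.items()}
    result = {}
    for der in pem_to_der_list(pem_text):
        fp = fingerprint(der, algo)
        result[fp] = by_fp.get(normalize(fp))
    return result

def make_pem(der):
    """Wrap bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes stand in for two DER certificates.
SAMPLE_A = b"constructed placeholder DER bytes A"
SAMPLE_B = b"constructed placeholder DER bytes B"
SAMPLE_BUNDLE = make_pem(SAMPLE_A) + make_pem(SAMPLE_B)
# Published list: hypothetical friendly name, lower-case space-separated fingerprint.
SAMPLE_PUBLISHED = {
    "Friendly Name One (hypothetical)":
        " ".join(re.findall("..", hashlib.sha1(SAMPLE_A).hexdigest())),
}

if __name__ == "__main__":
    for fp, name in match_roots(SAMPLE_BUNDLE, SAMPLE_PUBLISHED).items():
        print(fp, "->", name or "no published entry")
```

A certificate whose fingerprint maps to no published entry is the case to investigate, since the friendly name alone says nothing about which root it is.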