Nelson B Bolyard wrote: > Frank, In the past, Gerv rejected all CA cert requests that did not > originate from a representative of the CA itself, citing the policy. > > By honoring a request to include the Verisign CA cert, which request did > not originate with a representative of the CA, this is an implicit change > in practice regarding the policy.
I think this is a moot point now, at least with regard to VeriSign, since Rick Andrews has now submitted bug 402947. > Note that several requests have been sent to the members of the CABForum, > inviting them (begging them? :) to submit their new root CA requests to > mozilla (through bugzilla), and those requests for requests have been > largely ignored. Most of the CABForum CAs have not yet filed requests > for inclusion of their root CA certs in bugzilla. <snip> > Perhaps you should consider asking the CABForum members, again, to apply > for inclusion of their EV roots in mozilla products. I will do that, once the 1.1 policy is finished. (I hope I can declare that done very soon, by the end of this week if possible.) Goodness knows I have more than enough work to do evaluating inclusion requests from CAs that have explicitly asked to be included. If I invite a CA to have their EV root be included (or an existing root be marked as EV-capable), and they don't respond to that invitation, then I likely won't feel any obligation to do anything about their EV root. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
