Gervase Markham wrote: > Eddy Nigg (StartCom Ltd.) wrote: > >> I explained it before. Because YOU can't read the subject line >> /C=ישראל/ST=דרום/O=סטארטקום בע"מ/CN=אדי ניק >> It's completely useless to you. >> > > Absolutely. So I would seriously consider not trusting a site with such > a subject line. > Exactly! And if the majority shouldn't trust a certificate with such a subject, neither should Mozilla (policy wise)! However nothing prevents that currently. And just for the record, I guess that EV doesn't allow it either (so we don't have to mimic EV in the Mozilla CA policy, there are certain basic patters which should be defined - as with minimal validation, audit criterion etc). >> A passport or international driving >> license entirely in Hebrew, Arabic, Chinese, Japanese, Russian etc. >> would be useless as well. However all international ID documents issued >> by the affected countries have at least an English (Latin) translation >> included (in addition to the natural language and character set). >> > > Really? I'd be interested in evidence of this. > Obviously due to my job I guess that I've seen more international passports and driving licenses than you....in addition to that, one of my two passports in my possession is exactly as described. I'm not sure how I can provide evidence , but if I would be allowed to disclose the information I have I could prove it. > Persuading all the CAs to adopt a scheme where you have both foreign and > Latin letters would be extremely difficult - not least because of the 64 > character limit on field length. No, that's not what I suggested, rather to stick what most CAs in any case do already. Stick to Latin characters...use the content of the passport or driving license for example. This is what Verisign and other CAs do in Japan for example. Most likely also in other countries.
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
