Gervase Markham wrote:
> Eddy Nigg (StartCom Ltd.) wrote:
>> Exactly! And if the majority shouldn't trust a certificate with such a 
>> subject, neither should Mozilla (policy wise)! 
>>     
>
> That doesn't follow. If we include a certificate from a Turkish CA which 
> has a Turkish subject line, that's fine for Turkish people.
>   
Please note that the discussion I brought up concerning this issue is 
not related to the evaluation of TURKTRUST but in the broader context. 
Just want to make sure that this is understood! Since it isn't regulated 
in the Mozilla CA policy, it isn't an objection!

Now, you are right that this is certainly fine for people in the 
knowledge of the respective language and character set. But what about 
the rest? How can somebody make a judgment on the basis of the 
certificate details if the vast majority can't read it? Shouldn't this 
be handled as with other international legal documents such as 
passports, international driving licenses, Red Cross employee cards etc?
> The letters they include here say nothing about their _trustworthiness_, 
> merely about my ability to evaluate it.
>   
Who said trustworthiness? I want to be able to read the content of the 
certificate, know the name of the organization perhaps (matching that of 
their web site or other information), perhaps the locality, country 
etc...Which content should be in the C field for example? It's common to 
use international two letter codes for country, but can this be actually 
just anything? Like /C=לא רוצה להגיד

>> No, that's not what I suggested, rather to stick what most CAs in any 
>> case do already. Stick to Latin characters...use the content of the 
>> passport or driving license for example. This is what Verisign and other 
>> CAs do in Japan for example. Most likely also in other countries.
>>     
>
> EV is going to have Japanese letters, I know that for a fact because 
> there was a big discussion about it. 
Interesting!
> I don't know what decision they 
> came to on also including a Romanisation. (Problems can arise because 
> some scripts have no official Romanisation, so there are several ways of 
> doing it.)
>
> I don't think it's right for us to put restrictions in this area.
>   
Apparently it also has been widely discussed at the EV forum and not 
surprisingly. Guess this subject might be the source for some more 
discussions and concerns. Obviously certificates were issued in the past 
generally in Latin characters and I haven't come across many which made 
use of anything else. If this behavior is going to be changed with the 
strife for localization, than perhaps the picture will look much 
different in the future than today.

Oh...and btw, if EV indeed allows to use all kinds of character sets 
than I view this as a serious devaluation of this standard. That's not 
the way I expect businesses on the world-wide-web to identify 
themselves. What is Larry going to say? Issued to "לא ידוע"? Mmmmhh  ;-)

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to