Gervase Markham wrote: > Eddy Nigg (StartCom Ltd.) wrote: >> Exactly! And if the majority shouldn't trust a certificate with such a >> subject, neither should Mozilla (policy wise)! >> > > That doesn't follow. If we include a certificate from a Turkish CA which > has a Turkish subject line, that's fine for Turkish people. > Please note that the discussion I brought up concerning this issue is not related to the evaluation of TURKTRUST but in the broader context. Just want to make sure that this is understood! Since it isn't regulated in the Mozilla CA policy, it isn't an objection!
Now, you are right that this is certainly fine for people in the knowledge of the respective language and character set. But what about the rest? How can somebody make a judgment on the basis of the certificate details if the vast majority can't read it? Shouldn't this be handled as with other international legal documents such as passports, international driving licenses, Red Cross employee cards etc? > The letters they include here say nothing about their _trustworthiness_, > merely about my ability to evaluate it. > Who said trustworthiness? I want to be able to read the content of the certificate, know the name of the organization perhaps (matching that of their web site or other information), perhaps the locality, country etc...Which content should be in the C field for example? It's common to use international two letter codes for country, but can this be actually just anything? Like /C=לא רוצה להגיד >> No, that's not what I suggested, rather to stick what most CAs in any >> case do already. Stick to Latin characters...use the content of the >> passport or driving license for example. This is what Verisign and other >> CAs do in Japan for example. Most likely also in other countries. >> > > EV is going to have Japanese letters, I know that for a fact because > there was a big discussion about it. Interesting! > I don't know what decision they > came to on also including a Romanisation. (Problems can arise because > some scripts have no official Romanisation, so there are several ways of > doing it.) > > I don't think it's right for us to put restrictions in this area. > Apparently it also has been widely discussed at the EV forum and not surprisingly. Guess this subject might be the source for some more discussions and concerns. Obviously certificates were issued in the past generally in Latin characters and I haven't come across many which made use of anything else. If this behavior is going to be changed with the strife for localization, than perhaps the picture will look much different in the future than today. Oh...and btw, if EV indeed allows to use all kinds of character sets than I view this as a serious devaluation of this standard. That's not the way I expect businesses on the world-wide-web to identify themselves. What is Larry going to say? Issued to "לא ידוע"? Mmmmhh ;-) -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
