Michael Ströder wrote: > I agree with Eddy on this. When defining cert profiles for CAs I always > take into consideration the set of relying participants. If the certs > are to be used globally they SHOULD be readable to the international > public like other international legal documents. This is not a technial > issue. > > Thank you Michael, I think you brought it now to the point much better than me. For me left to add, that localized certificates are probably fine for a limited set of users issued by a locally operating CA but not for a product used internationally on the world-wide-web used to authenticate and identify. (I'm explicitly using the WWW word, even if it sounds so much from the 90's, because that's what it still is). And obviously the relying party is what it's all about and Mozilla software is a product used globally!!! > For this particular attribute one should stick to the two-letter country > code (ISO 3166) as defined in X.520 section 5.3.1. Note that RFC 3280 > also refers to X.520 (1993) in this regard. Agreed! And I think that also in this regard we have to improve the Mozilla CA policy and/or recommended practices for CAs.
This will be for the benefit of all sides, being it the relying party (Mozilla, its users), the CAs and at last but not least it will improve the standing of digital certificates generally. I think that also in this respect Mozilla can improve the overall experience of the Internet (see slogans of Mitch etc.) and take a lead in this respect and revert the devaluation of said certification. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
