When we updated the Mozilla CA certificate policy (to revision 1.1) to accommodate requests related to Extended Validation (EV) certificates, we specified use of the 1.0 EV guidelines from the CAB Forum and the 1.0 EV criteria from WebTrust. As it happens, because of the relatively recent adoption of the final EV guidelines and criteria and typical CA audit schedules, almost all of the EV-related CA requests we've gotten were associated with WebTrust EV audits against the draft guidelines. However the changes introduced between the draft and final versions don't appear to be significant in terms of end user security.
I've therefore proposed a new revision 1.2 of the policy to accept all valid WebTrust EV audits, whether against the draft or final criteria and guidelines, for all CA EV applications submitted on or before June 30 of this year: https://bugzilla.mozilla.org/show_bug.cgi?id=413545 Based on comments thus far this seems to be a relatively non-controversial change, so I'm going to go ahead and make it after one final call for comments. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
