Frank Hecker wrote: > Trustwave has applied to add two EV root CA certificates to the Mozilla > root store, and to also upgrade an existing root CA certificate for EV > use, as documented in the following bugs: > > https://bugzilla.mozilla.org/show_bug.cgi?id=409837 > https://bugzilla.mozilla.org/show_bug.cgi?id=409838 > https://bugzilla.mozilla.org/show_bug.cgi?id=409840 > > and in the pending certificates list: > > http://www.mozilla.org/projects/security/certs/pending/#Trustwave > > I have evaluated their request, as per the mozilla.org CA certificate > policy: > > http://www.mozilla.org/projects/security/certs/policy/ > > and plan to officially approve this request after a public comment period. > > Note that the WebTrust EV audit for Trustwave was done under the final > EV guidelines and WebTrust EV criteria, so its acceptance under our > policy is not dependent on making the proposed policy change discussed > in my previous message. Question:
The entry at http://www.mozilla.org/projects/security/certs/pending/#Trustwave states that "At this time there are no subordinate CAs for any of these roots; instead end entity certificates are issued directly from the roots". Except of the Mozilla CA policy suggesting to use intermediate CA certificates or different roots according to different policies , doesn't EV *require* the usage of intermediate CAs (no direct issuance)? Does anybody know from memory about this? Else I'll look it up... -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
