Eddy Nigg (StartCom Ltd.): > 4.) Frank, this one is for you: > > Since most (if not all) CA root certificates of Comodo were inherited > from the Netscape era and never were properly evaluated by an inclusion > process and in light of the questions above, isn't a thorough review of > this CA in place in order to guaranty conformance to the Mozilla CA > policy? Because an upgrade to EV would tie this CA further into NSS I > believe that such a review should be performed prior to any other step. > I haven't invested a lot of time into this request initially (as I > haven't for other upgrade requests for EV during the comments period), > but raised enough questions which might justify such a review. > > >
Oh, and it that respect I have another interesting question. Supposed a CA issues EV certificates (audited and conforming to the relevant criteria in every respect) but their other CA business (meaning non-EV) would fail to conform to the Mozilla CA policy, what would happen? What are the (technical) options and possibilities? Could a CA be trusted when issuing EV certificates but not for other types of certificates? Or must any EV enabled root also otherwise be enabled? What would we (have to) do in such a case? -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
