Frank Hecker: > Network Solutions has applied to add a new root CA certificate to the > Mozilla root store and enable it for EV, as documented in the following bug: > > https://bugzilla.mozilla.org/show_bug.cgi?id=403915 > > and in the pending certificates list: > > http://www.mozilla.org/projects/security/certs/pending/#Network%20Solutions > > I have evaluated this request, as per the mozilla.org CA certificate policy: > > http://www.mozilla.org/projects/security/certs/policy/ > > and plan to officially approve the request after a public comment period. >
Frank, I had the look at this request and read through parts of the audit statements, policies and practice statements. The policies of Network Solutions are very clean, reasonable and responsible. It's very refreshing and assuring to review such a CA for a change... The only thing I must notice is the fact that they issue from this CA root, Non-EV certificates directly, whereas EV certificates are issued through an intermediate CA certificate, according to the guidelines. I suspect however that this wasn't the real intention of the EV guidelines and somehow circumvents its very purpose (by having the root off-line and issue through sub ordinated online CA certificates). I suggest to have that improved. Beyond that, there are absolutely no issues with this request :-) -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
