Eddy Nigg wrote:
> Both bugs from above have status information incomplete and the entry at
> the pending page is also marked as incomplete (Red). Is this intentional
> and can/should I wait for any additional review?
Sorry, that was an oversight on my part. I've updated the bug status
information and changed the pending list to mark the entry as complete.
(I just checked in those changes, so it may be an hour or so until they
show up on the production site.)
> Can you guide me on the exact
> status of this request and how I should relate to the information in the
> bugs and pending page?
This request is in the first comment period. After this comment period I
will make a preliminary decision on whether to approve the request, and
if so then we'll have a second ("last call") comment period before final
approval.
Note that GlobalSign is a "legacy CA", i.e., it has roots in NSS/Mozilla
from before my time. There are three separate issues related to these
requests:
1. Approval of the roots for EV. This is the main point of the requests,
and I delayed bringing the request into public discussion until
GlobalSign had completed its EV audit and made the report available
(which just happened in the last week or two). IIRC the EV stuff looks
pretty straightforward.
2. Refreshing one of the roots, i.e., replacing the current root cert
with a new cert with a longer lifetime (same public key). IIRC the
public key in question is a 2048-bit key, so this is pretty
straightforward also IMO.
3. General review of the roots, since this never happened previously.
IIRC the only thing out of the ordinary here was GlobalSign having some
subordinate CAs operated by third parties. I can comment more on that as
we get into the discussion.
Frank
--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
