I am now opening the first public discussion period for a request from 
Comodo to add the Comodo ECC Certification Authority root certificate to 
Mozilla and enable it for EV use. This is bug 421946, and Kathleen has 
produced an information document attached to the bug.

   https://bugzilla.mozilla.org/show_bug.cgi?id=421946

There's a summary of the information also available at

   http://www.mozilla.org/projects/security/certs/pending/#Comodo

Some points worth mentioning about this request:

* This is a new root. Initially it will have a subordinate CA used for 
issuing EV SSL certs, but as I understand it Comodo will potentially use 
the hierarchy under this root for other types of certs (both EV and 
non-EV) -- in a sense it's the ECC equivalent to the new Comodo 
Certification Authority root recently added to Mozilla.

* In the CRL section of the information document Kathleen has a sentence 
"EV certificates issued from the ECC root". That's a typo (and in fact 
the CRL referenced just below that sentence is not for the root but for 
the EV SSL subordinate CA.) No end entity certs (EV or otherwise) are or 
will be issued directly from the Comodo ECC Certification Authority 
root; issuance of end entity certs would be done through subordinate CAs 
corresponding to the various types of certs, consistent with existing 
Comodo practice.

* Also, the "flag problematic practices" section at the end of the info 
document has the sentence fragment "Issuing end entity certs directly 
from root rather than using an offline root and issuing certs through a 
subordinate CA". That's just the reference to checking for the practice. 
Kathleen forgot to add "(no)" or "(not an issue)" afterwards; see the 
above item.

This first public comment period will be for one week, and then I'll 
make a preliminary determination regarding this request.

Frank

-- 
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
