Eddy Nigg wrote:- > (to Frank Hecker) > As per your comment in > https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you > state that no problematic practices associated with this CA, > but I found that in section 2.4.1 domain validated wild cards > are issued, which is listed in > http://wiki.mozilla.org/CA:Problematic_Practices#Wildcard_DV_SSL_certificate s > > But I'm not sure which type the ECC certificates belong to > (which letter under section 2.4.1) in which case e) might not > apply. [Robin said...] We would like to be able to apply any of these to our ECC root. Initially I would imagine we will position certificates with ECC keys as being a high-end product and will not include DV certificates of any kind in the product range, but we would like to retain the ability to issue ECC DV certificates (including wildcards) at least until we establish that the market no longer requires them.
> Oh and f) is also interesting ;-), I wonder how many > "localhost" certificates were issued so far... [Robin said...] Not many! We do issue quite a number for organizations to use internally on other names, though. E.g. if we have a server on our corporate intranet called wiki.comodo then I might want a certificate to allow me to use https://wiki.comodo. I can't buy an SSL certificate from one of our range of Internet SSL certificates because I can't pass the domain validation step. Hence we have a different product range which, rather than validating domain ownership, validates that the domain name is not usable on the internet. > > This CP/CPS also covers certificates with a validity of 10 > years which is again listed in > http://wiki.mozilla.org/CA:Problematic_Practices#Long-lived_DV_certificates > Also here, I had difficulty to confirm if this applies to > the ECC certs or not. Maybe Rob can clarify this here? [Robin said...] We would like to be able to apply any of these to our ECC root. Initially I would imagine we will position certificates with ECC keys as being a high-end product and will not include DV certificates of any kind in the product range, but we would like to retain the ability to issue long-lived ECC DV certificates at least until we establish that the market no longer requires them. Regards Robin _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
