Eddy Nigg wrote:
Considering that this is a root for EV certificates only (and I hope this is indeed the case and no other certificates will be issued from this root),
<snip>
Per comment #15 of bug 394419 and the CA hierarchy diagram submitted by SECOM Trust and attached to the bug, Security Communication EV RootCA1 (the root at issue here) is being used only for EV SSL certificates. It has a single subordinate CA, SECOM Passport for Web EV CA (also operated by SECOM Trust), that is the actual issuing CA.
SECOM Trust has another root (Security Communication RootCA1, no "EV") already in Mozilla, so they have no need to use this new root for non-EV SSL certificates. Per comment #15, SECOM Trust may consider using the new root for other purposes in the future, e.g., object signing certificates. If they want to do that at some point then they will need to submit a new request. The current request is to enable the new root for SSL use only.
Note that I have in fact reviewed various sections of the CPS and CP, using Google Translate. I didn't see anything in them that was inconsistent with what I've written above.
Frank -- Frank Hecker hec...@mozillafoundation.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
