On 12/16/2008 07:43 PM, Frank Hecker:
> However, does the SSL trust bit need to be enabled for S-TRUST client certificates to be properly recognized at either the client or server end?
Absolutely not. Email is sufficient for S/MIME and authentication.
> * Per German law S-TRUST issues one new root CA certificate for every year, with each root cert having a 5-year lifetime. Thus they are currently requesting inclusion of four root certificates, for 2005 through 2008. Starting in 2010 the older root certs will begin to expire and we can remove them.
This is unfortunate and seems to me problematic. I'd suggest that they create a root from which they'd issue those as intermediates. I'm almost certain that other vendors will not include them for the same reason (so it's not an argument in itself, it just shows the limits of reason for inclusion - some vendors do have specific requirements in this regard which we don't). However I want to think more about it (if it's reasonable).
> * The CPS documents are in German (sorry Eddy!),
Why sorry? I speak German fluently... going to have a look at it if the above isn't an issue.
> I suggest reading Kathleen's summary document to get an overview of this request; thanks again to Kathleen for preparing these!
Yes, they are always excellent! I really love the work Kathleen performs, it speeds everything up so much!
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto