Eddy Nigg wrote:
On 12/28/2008 01:13 PM, Kai Engert:The current Mozilla CA Certificate Policy says: "6. We require that all CAs whose certificates are distributed with our software products: ... provide attestation of their conformance to the stated verification requirements ..."Kai, just to counter Ian's reply:The objective of the Mozilla CA policy is to provide sound, reliable and in this context reasonable security for its users.This is anchored clearly in the Mozilla Manifesto as a principal and further described and defined in the Mozilla CA Policy what PKI and CAs concerns. The Mozilla CA Policy is clear in its requirements, *intend* and what it is meant to achieve. All the rest is just throwing sand into ones eyes.In this respect section 7 of said policy clearly states what the requirements are. CAs may find different ways to achieve and conform to those requirements, however it should not lead to a compromise of those requirements. Personally I wouldn't outsource domain control validation but incorporate it into the general process of certificate issuance. In case it is delegated, the third party must provide attestation of their conformance. I think this is what you were proposing...
Yes
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
