On 01/12/2009 03:59 PM, Rob Stradling:

Right now, as I see it, we have...
1). "potential" - The "Potentially Problematic Practices" wiki page.
2). "actual" - The Mozilla CA Certificate Policy.

So when a problem "is shown to have moved from 'potential' to 'actual'",
surely the way to address it would be to update the Mozilla CA Certificate
Policy and require CAs to conform to the new version (or risk having their
Root(s) pulled) ?


Should the fact that MD5 is viewed as insecure or insufficient for the assigned purpose be especially listed in the Mozilla CA Policy? Should every possible algorithm be listed there too? Do your CA policy and practice statements list any algorithm you don't intend to use for the same reasons? Or suppose Mozilla deems certain practices in relation to RAs and/or intermediate CAs an unnecessary risk and problematic, does this have to be explicitly stated in the Mozilla CA Policy? If yes, what else must be stated there, or is the intent of the policy clear enough?


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
