On 02/09/2009 09:35 PM, kathleen95...@yahoo.com:
Of course. I will await your next post to this discussion.
Just browsing through the various documents and I noticed the following so far.
It seems to me that the code signing bit *should not* be activated, it should be reflected in the "Pending" page as well.
Email validation seems to me ambiguous at least and apparently not defined in their CP/CPS. Neither is domain ownership/control validation defined as I understand.
Repeated requests for translating the relevant parts have not been complied. Comments in this respect (bug 393166, comment 15, d) ) have no relevance to the question asked and your questions in comment 13 have partly not been answered, in particular 2.d. Besides a general denial in regards of problematic practices, no details have been provided. In particular I couldn't find out for how long their certificates are valid and how S/MIME certificates are provided to the subscriber ("We send the certificate to the subscriber by mail").
Overall I think there is very little information available about this CA (in English) and I'm hesitant to continue without a more thorough review of critical aspects.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
