Kyle Hamilton wrote:
So. If I understand correctly:
<snip>
1) HKP issued certs currently do not cause problems. 2) HKP has been notified how their system may cause problems in the future. 3) HKP is not requesting EV status, so any EV-specific discussion is irrelevant at this time. 4) HKP meets all other requirements to be included in the root program.
This is my understanding, at least until someone convinces me I'm wrong.
There is only one last question that I'm going to ask, since it is relevant here: Which version of PKIX (3280 or 5280) does HKP issue certificates to be conformant to? My understanding is that NSS supports 3280 (and not 5280); if there are certificates issued to 5280-not-3280 standards, this might cause issues and need to be readdressed.
Are you (or anyone else for that matter) aware of any 3280 vs. 5280 differences that might be relevant here? We've already had the treatment of the CIDP extension in CRLs as one example, and I think we've concluded that that particular difference is not an issue. (I agree with Nelson that the 5280 language on non-support of CIDP is flawed and can be safely ignored.)
Frank -- Frank Hecker hec...@mozillafoundation.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
