Alaric Dailey wrote:
> I'd like to remind the participants, that StartCom has already one CA root
> in the NSS store which was approved less than a year ago:
That doesn't imply everything was perfect with this application at that
time. Have you ever seen a root certificate with a nonRepudiation
ke
[EMAIL PROTECTED] wrote:
> David would you be comfortable if all the 70+ CAs in the root store
> dropped their well-regulated WebTrust audits and went with security
> reviews like this one? That'd be fun to administrate.
>
> Part of the reason that Mozilla should want audits to be done by real
>
I'd like to remind the participants, that StartCom has already one CA root
in the NSS store which was approved less than a year ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=289077#c18
The StartCom CA is also included in Apple and KDE, based on the same audit.
This is a request for an addition
David would you be comfortable if all the 70+ CAs in the root store
dropped their well-regulated WebTrust audits and went with security
reviews like this one? That'd be fun to administrate.
Part of the reason that Mozilla should want audits to be done by real
auditors is that those specialists ha
Anders Rundgren wrote:
> Thank you very much guys!
>
> I'm a little bit surprised that the Java "KeyStore" class always seems
> to have problems except for JKS and PKCS #12 key stores.
> Otoh, PKCS #11 and Capi seem to have similar issues.
>
The Mozilla-JSS keystore implementation is currently no
Paul Hoffman wrote:
> That makes the assumption that all domains from those countries are in
> the countries' TLDs; that is a bad assumption.
You mean that these CAs will not be able to sign certificates for some
sites that they might want to (e.g. www.myfrenchsite.com)? Yes, but
that's just t
David E. Ross wrote:
> I believe that trust should require public disclosure.
Citizens of France have no choice but to "trust" their government, to a
certain extent. In that the government can exercise jurisdiction over
them. Is the proposed certificate arrangement not just a reflection of
real
Paul Hoffman wrote:
> I propose that we simply do not allow classified audits. Those two CAs
> can get additional, non-classified audits if they want to be in the root
> store.
> If FubarSign came to us with a "classified" audit from a commercial
> auditor, would we even consider it?
>
> Why s
At 2:39 PM +0100 5/24/07, Gervase Markham wrote:
>There are currently two CAs who have applied for inclusion in the NSS
>store but their audits were done by their respective governments and are
>classified, and/or they are directly controlled by those governments.
>
>They are:
>
>KISA (South Korea,
Gervase Markham wrote:
> There are currently two CAs who have applied for inclusion in the NSS
> store but their audits were done by their respective governments and are
> classified, and/or they are directly controlled by those governments.
>
> They are:
>
> KISA (South Korea, .kr)
> https://b
[EMAIL PROTECTED] wrote:
> This is a broader comment on the Mozilla CA policy. If the desire is
> to include security reviews that are equivalent to a WebTrust audit,
> then for reviews against technical standards like ETSI the policy
> should require annual reviews as well as provide more detail
There are currently two CAs who have applied for inclusion in the NSS
store but their audits were done by their respective governments and are
classified, and/or they are directly controlled by those governments.
They are:
KISA (South Korea, .kr)
https://bugzilla.mozilla.org/show_bug.cgi?id=335
[EMAIL PROTECTED] wrote:
> This is a broader comment on the Mozilla CA policy. If the desire is
> to include security reviews that are equivalent to a WebTrust audit,
> then for reviews against technical standards like ETSI the policy
> should require annual reviews
We plan to do a round of upda
13 matches