RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
Frank, > No. I'm simply stating that there are CA-related issues which may not > warrant us having a formal policy on, but which we may have an opinion > on that we want to express. > > To take another example: our policy doesn't address the issue of whether > CAs issue end entity certs directly f

Re: How do I find a certificate using SubjectPublicKeyInfo data?

2008-03-26 Thread Subrata Mazumdar
Thanks Robert. I will follow your suggestion and iterate over the list and use the context to filter out cert before comparing the SPKIs. -- Subrata Robert Relyea wrote: > Subrata Mazumdar wrote: >> Hi, >> is there any way I can find the certificate associated with a public >> key using >> the

RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
Eddy, > The problem I'm seeing right now is, which isn't a problem of yours per > se, that if Mozilla approves the upgrade to EV status, your CA roots > will receive further anchors in the software, making it even more > difficult to receive the cooperation I'm seeking on the issues, not > speaking

Re: How do I find a certificate using SubjectPublicKeyInfo data?

2008-03-26 Thread Robert Relyea
Subrata Mazumdar wrote: Hi, is there any way I can find the certificate associated with a public key using the SubjectPublicKeyInfo (CERTSubjectPublicKeyInfo)? I am looking for public API and not too low level. I looked in the .../nss/certdb/cert.h and .../nss/pk11wrap/pk11pub.h files - cou

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Eddy Nigg (StartCom Ltd.)
Robin Alden: > From Frank's most recent reply I accept the reason for the consideration of > all aspects of our operation, but perhaps that separation should be made > more clear between those matters we are discussing here which are relevant > to the EV enabling of our roots within (what we hope t

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Eddy Nigg (StartCom Ltd.)
Robin Alden: >> - We are not seeking to cause any harm to Comodo or unilaterally remove >> the roots from NSS. However can we seek the cooperation on the issues >> which were raised and is Comodo willing to address these issues in good >> faith? >> > [Robin said...] We are willing to address is

Ten years

2008-03-26 Thread Paul Hoffman
At 11:09 PM -0400 3/25/08, Frank Hecker wrote: >As long as >domain names can be re-registered to different owners, there is always >this potential to some degree. It doesn't matter whether the cert >lifetime is 10 years, 1 year, or 1 week. Exactly right. A CA re-affirms the binding between the pub

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Frank Hecker
Robin Alden wrote: >> Issuing >> long-lived DV certs and wildcard DV certs may be particular practices >> worth our having some formal positions on, even if they're not >> addressed >> by our official policy. > [Robin said...] > There I have to disagree to some degree. > You have a policy which

Re: Changing the CA rules

2008-03-26 Thread Eddy Nigg (StartCom Ltd.)
Paul Hoffman: > At 2:55 PM +0200 3/26/08, Eddy Nigg (StartCom Ltd.) wrote: > >> - We are not seeking to cause any harm to Comodo or unilaterally remove >> the roots from NSS. However can we seek the cooperation on the issues >> which were raised and is Comodo willing to address these issues in go

RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
> Robin, I have a request to make. Let's put aside for a minute the > procedural matters and let me ask you a few questions: > > - We are not seeking to cause any harm to Comodo or unilaterally remove > the roots from NSS. However can we seek the cooperation on the issues > which were raised and is

RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
> Eddy Nigg (StartCom Ltd.) wrote: > > Robin, just to answer this one... > > > > Robin Alden: > >> [Robin said...] A fair point, and perhaps that is a whole other > >> problem. Our CA *does* have > >> roots in NSS. > >> > > > > This is correct. However your CA roots are considered legacy roots > w

RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
> Robin, just to answer this one... > > Robin Alden: > > [Robin said...] > > A fair point, and perhaps that is a whole other problem. Our CA > *does* have > > roots in NSS. > > > > This is correct. However your CA roots are considered legacy roots > which > were inherited from the Netscape era.

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Robin, just to answer this one... > > Robin Alden: >> [Robin said...] A fair point, and perhaps that is a whole other >> problem. Our CA *does* have >> roots in NSS. >> > > This is correct. However your CA roots are considered legacy roots which > were inh

Changing the CA rules

2008-03-26 Thread Paul Hoffman
At 2:55 PM +0200 3/26/08, Eddy Nigg (StartCom Ltd.) wrote: >- We are not seeking to cause any harm to Comodo or unilaterally remove >the roots from NSS. However can we seek the cooperation on the issues >which were raised and is Comodo willing to address these issues in good >faith? Why just Comodo

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Eddy Nigg (StartCom Ltd.)
Robin, just to answer this one... Robin Alden: > [Robin said...] > A fair point, and perhaps that is a whole other problem. Our CA *does* have > roots in NSS. > This is correct. However your CA roots are considered legacy roots which were inherited from the Netscape era. Many critics have r

Re: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Eddy Nigg (StartCom Ltd.)
Robin, I have a request to make. Let's put aside for a minute the procedural matters and let me ask you a few questions: - We are not seeking to cause any harm to Comodo or unilaterally remove the roots from NSS. However can we seek the cooperation on the issues which were raised and is Comodo w

Re: Project Dogtag, an open source certificate system

2008-03-26 Thread Jean-Marc Desperrier
Frank Hecker wrote: > [...] > Basically Dogtag is to Red Hat Certificate System as Fedora is to Red > Hat Enterprise Linux. > > Congratulations to all the people at Red Hat, Sun, and Netscape who > worked on this product over the years, and especially to the folks at > Red Hat who finally managed t

RE: Comodo request for EV-enabling 3 existing roots

2008-03-26 Thread Robin Alden
> >> But by issuing *domain validated* certificate for up to *ten years*, > >> without revalidation is completely irresponsible and borders on > gross > >> negligence. > >> > > [Robin said...] > > I disagree. With a DV certificate the only thing that we are > warranting is > > that the key holder c