> Yes, those browsers allowed SGC/Step-up only for a restricted list of
> pre-installed root CA certificates.
Anyone have a list of the specific roots that are SGC enabled? Many
of them must be due for expiry soon.
Is the intent to renew/replace them with SGC super-powers, or to let
SGC fade awa
Maintenance of the WebTrust seal requires an annual audit. The audit
is of compliance with the CPS - so if there are issuing CAs - whether
internal or external - covered by the CPS, then they are part of those
procedures.
The same is not true of ETSI - which is a standard not really an audit
regime.
1. Audit standards (WebTrust and ETSI for example) check that the CA
complies with its CPS - and that includes subordinates and external
RAs
From WebTrust: "In the hierarchical model, the root CA maintains the
established "community of trust" by ensuring that each entity in the
hierarchy confor
> "The end result is that anyone who chooses to spend a hundred thousand
> bucks or so on a single audit can then go around selling the benefit of
> their inclusion in the trust list to the highest bidder without fear of
> repercussion. Which is what they've been doing. And nobody has the balls
This is a broader comment on the Mozilla CA policy. If the desire is
to include security reviews that are equivalent to a WebTrust audit,
then for reviews against technical standards like ETSI the policy
should require annual reviews as well as provide more detail on what
comprises a "Competent Pa