Re: GeoTrust request for EV root inclusion

2008-03-20 Thread Frank Hecker
Frank Hecker wrote: > GeoTrust has applied to add a new EV root CA certificate to the Mozilla > root store, as documented in the following bug: > > https://bugzilla.mozilla.org/show_bug.cgi?id=407168 > I have evaluated this request, as per the mozilla.org CA certificate > policy: > > http:

Re: GeoTrust request for EV root inclusion

2008-03-08 Thread Jean-Marc Desperrier
Frank Hecker wrote: > Eddy Nigg (StartCom Ltd.) wrote: >> Perhaps it's just a coincidence that a representative of Verisign >> alarms a bunch of mailing lists at Mozilla about their CA certificates >> and a day later the relevant CAs are updated and ready for >> inclusion... you see what I mean?

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > I've also read already your reply at the bug and to this list, so I'm > not going to argue about your examination and decision. My job is/was to > make you aware of eventual irregularities. And I appreciate your doing so. As it turned out this was a non-trivial

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > I don't think it's an issue with the EV criteria. The final EV > guidelines were issued in June 2007, in plenty of time for them to be > reflected in the July 27, 2007 CPS. So as far as I can tell the KPMG audit of > GeoTrust was an audit against the final WebTrust EV criteria us

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Frank Hecker
Frank Hecker wrote: > The new CPS didn't exist at the time of the audit, but it did exist at > the time of the audit report. Actually, the new CPS was in fact written and approved during the audit period; see https://bugzilla.mozilla.org/show_bug.cgi?id=407168#c26 > The bottom line: I think th

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Frank Hecker
Frank Hecker wrote: > Here's my interpretation of what happened: KPMG audited against the True > businessID CPS of July 27, 2007 s/July 27, 2007/July 1, 2007/g The version number of the document is 2.7, which is probably why I made this particular error. Frank -- Frank Hecker [EMAIL PROTECTE

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Now this is exactly the issue I'm seeing here. Shouldn't have KPMG > confirmed the actual CPS against which the audit was performed? KPMG > confirms to have audited against a CPS which didn't exist at the time > of the audit and which wasn't valid in every re

Re: GeoTrust request for EV root inclusion

2008-03-06 Thread Eddy Nigg (StartCom Ltd.)
Jay Schiavo replies at the bug https://bugzilla.mozilla.org/show_bug.cgi?id=407168#c24 with the following: We did consolidate all our CPSs into one document. However, the EV sections included in the CPS were copied over from the True business ID with EV CPS. There were no changes to t

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Nelson Bolyard: > I'd like to suggest that every time there is a state change in a request, > a comment should be added, documenting the state change. > +1 This should be done at the bug AND the pending page if I understand you correctly. Very much agreed. -- Regards Signer: Eddy

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > Actually, KISA indeed entered the public discussion stage, in the sense > that I gave preliminary approval. What happened then was that Eddy and I > think others raised a number of issues, and I haven't gone back to do a > final evaluation in light of the new material provided by

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > Eddy Nigg (StartCom Ltd.) wrote: > >> Perhaps it's just a coincidence that a representative of Verisign alarms >> a bunch of mailing lists at Mozilla about their CA certificates and a >> day later the relevant CAs are updated and ready for inclusion... you >> see what I mean? >

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Nelson Bolyard: > Eddy, I haven't pushed for the inclusion of any CA or any CA cert. > OK Nelson, again I apologize for any inconvenience my previous post may have caused you. > Then I went and looked at the "pending" page, > http://www.mozilla.org/projects/security/certs/pending/index.xml > An

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Perhaps it's just a coincidence that a representative of Verisign alarms > a bunch of mailing lists at Mozilla about their CA certificates and a > day later the relevant CAs are updated and ready for inclusion... you > see what I mean? Actually, it is a coincid

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Nelson Bolyard
Frank Hecker wrote, On 2008-03-05 13:12: > Nelson Bolyard wrote: >> 1) When I look at the bugzilla bug list of open root CA requests, at >>> https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&product=mozilla.org&component=CA+Certificates&bug_status=UNCONFIRMED&bug_status=NEW&bug_status

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Wowowow, slowly! Nelson, I didn't mean to attack you in any way. I apologize if this is what you understood from my previous post! -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Blog: Join the Revolution!

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > > Is your concern that the CPS is dated after the audit? Not really, but just the fact that the audit was performed at a period prior to the CPS publishing and KPMG confirming it. It's a little bit hard to imagine that they covered the CPS during that period - somehow the statem

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Frank Hecker
Nelson Bolyard wrote: > I wanted, but did not find, a summary table. So I made one, using bugzilla. > I took the status information in the pending page and updated the > individual bugzilla bugs with it. For every CA listed on the pending page > whose request bug is still open, I updated it with

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Frank Hecker
(Back from errand...) Frank Hecker wrote: > Is your concern that the CPS is dated after the audit? First, feel free > to ask in the bug what changes were made between the audit and the date > of publication of the 1.0 CPS. (I'll do it as well if you don't do it > first.) Don't bother, I alread

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Nelson Bolyard
Eddy Nigg (StartCom Ltd.) wrote, On 2008-03-05 11:01: > Second I wonder what's the deal with Thawte's and GeoTrust's inclusion > requests. As Gerv mentioned yesterday, there are about 40 others in the > queue, why do they get a preferential treatment? Others wait for half a > year and more just

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Just scratching on the surface of this request and I have to make the > following observations: > > /The audit report (https://cert.webtrust.org/SealFile?seal=650&file=pdf > ) says: > > We have examined... during the period from *July 21, 2007 through > Novem

Re: GeoTrust request for EV root inclusion

2008-03-05 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: > GeoTrust has applied to add a new EV root CA certificate to the Mozilla > root store, as documented in the following bug: > >https://bugzilla.mozilla.org/show_bug.cgi?id=407168 > > and in the pending certificates list: > >http://www.mozilla.org/projects/security/certs/pendi

GeoTrust request for EV root inclusion

2008-03-04 Thread Frank Hecker
GeoTrust has applied to add a new EV root CA certificate to the Mozilla root store, as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=407168 and in the pending certificates list: http://www.mozilla.org/projects/security/certs/pending/#GeoTrust I have evalua