Nelson B Bolyard:
Those criteria are independent of the browser or application that uses them.
There isn't a "Mozilla EV criteria" and a separate "IE EV criteria" and
"Opera EV criteria".
Correct, however it's the browsers which must govern the re-auditing.
Actually this is the *ONLY* thin
Eddy Nigg (StartCom Ltd.) wrote, On 2008-04-27 07:08:
> Then there is only one answer for this: *The EV criteria!* Apply the EV
> guidelines according to what it says.
Those criteria are independent of the browser or application that uses them.
There isn't a "Mozilla EV criteria" and a separate "I
Eddy Nigg (StartCom Ltd.):
I don't view this as a problem which would prevent us from
implementing the controls needed. I'd go for the date of the audit as
the date of expiry (plus 365 days, which makes sense since we don't
expect another audit report before one year has past from the current
Frank Hecker:
The problem is that while the EV guidelines contain an explicit
requirement for annual audits, they don't dictate things like the length
of the grace period that browser vendors should give CAs once their
audits expire.
In fact, it's not even clear from the EV guidelines exact
Eddy Nigg (StartCom Ltd.) wrote:
> Frank Hecker:
>> I agree with your general point, namely that we should start doing
>> better tracking of audit dates, particularly for EV audits. However I
>> don't know at this point what would be appropriate in terms of setting
>> timeframes for when an audi
And just another note here:
EV was touted by Mozilla (various press releases, interviews etc) as an
improvement in terms of security for the upcoming Firefox 3 browser.
People will see "GREEN" and trust in that. However in my opinion, there
can't be a situation where Mozilla doesn't follow thr
Frank Hecker:
I agree with your general point, namely that we should start doing
better tracking of audit dates, particularly for EV audits. However I
don't know at this point what would be appropriate in terms of setting
timeframes for when an audit would be considered to be out of date.
D
Eddy Nigg (StartCom Ltd.) wrote:
> The extended validation (EV) criteria requires yearly re-auditing of the
> CA. Without this requirement a CA does not conform to the EV criteria. I
> wanted to ask, how we at Mozilla govern this requirement, which
> procedures are in place for receiving and rev
Hi All,
The extended validation (EV) criteria requires yearly re-auditing of the
CA. Without this requirement a CA does not conform to the EV criteria. I
wanted to ask, how we at Mozilla govern this requirement, which
procedures are in place for receiving and reviewing the yearly audit
report
9 matches
Mail list logo
