Alaric Dailey wrote:
> There were CAs approved in the past with non-webtrust audits much older than
> that. Just see http://hecker.org/mozilla/ca-certificate-list
As a point of fact, that list is not a list of approved CAs, it's a list
of applications.
Gerv
__
Kaspar Brand wrote:
> > Alaric Dailey wrote:
> > I'd like to remind the participants, that StartCom has already one CA root
> > in the NSS store which was approved less than a year ago:
> That doesn't imply everything was perfect with this application at that
> time. Have you ever seen a roo
Merely commenting on matters of fact:
Kaspar Brand wrote:
> That doesn't imply everything was perfect with this application at that
> time. Have you ever seen a root certificate with a nonRepudiation
> keyUsage extension? Yes, Startcom's current one does have that... Or,
> what RSA key size would
Alaric Dailey wrote:
> I'd like to remind the participants, that StartCom has already one CA root
> in the NSS store which was approved less than a year ago:
That doesn't imply everything was perfect with this application at that
time. Have you ever seen a root certificate with a nonRepudiation
ke
[EMAIL PROTECTED] wrote:
> David would you be comfortable if all the 70+ CAs in the root store
> dropped their well-regulated WebTrust audits and went with security
> reviews like this one? That'd be fun to administrate.
>
> Part of the reason that Mozilla should want audits to be done by real
>
I'd like to remind the participants, that StartCom has already one CA root
in the NSS store which was approved less than a year ago:
https://bugzilla.mozilla.org/show_bug.cgi?id=289077#c18
The StartCom CA is also included in Apple and KDE, based on the same audit.
This is a request for an addition
David would you be comfortable if all the 70+ CAs in the root store
dropped their well-regulated WebTrust audits and went with security
reviews like this one? That'd be fun to administrate.
Part of the reason that Mozilla should want audits to be done by real
auditors is that those specialists ha
[EMAIL PROTECTED] wrote:
> This is a broader comment on the Mozilla CA policy. If the desire is
> to include security reviews that are equivalent to a WebTrust audit,
> then for reviews against technical standards like ETSI the policy
> should require annual reviews as well as provide more detail
[EMAIL PROTECTED] wrote:
> This is a broader comment on the Mozilla CA policy. If the desire is
> to include security reviews that are equivalent to a WebTrust audit,
> then for reviews against technical standards like ETSI the policy
> should require annual reviews
We plan to do a round of upda
> should require annual reviews as well as provide more detail on what
> comprises a "Competent Party" (is it an auditor with professional
> obligations, or simply someone who's been around the block?).
I fully agree, and consider this the fundamental issue with this
particular inclusion request (
This is a broader comment on the Mozilla CA policy. If the desire is
to include security reviews that are equivalent to a WebTrust audit,
then for reviews against technical standards like ETSI the policy
should require annual reviews as well as provide more detail on what
comprises a "Competent Pa