Eddy, > The problem I'm seeing right now is, which isn't a problem of yours per > se, that if Mozilla approves the upgrade to EV status, your CA roots > will receive further anchors in the software, making it even more > difficult to receive the cooperation I'm seeking on the issues, not > speaking about any possible "sanction" pretty useless. Currently EV > status implies the roots to be also trusted for regular certificates > which is a limitation of NSS. > [Robin said...] Perhaps my problem then is understanding the process at all. You seem to suggest that once our application for EV status is approved we somehow become immune to changes in your CA policy. Why do you feel that Mozilla has no control over the CAs other than at the point of approval of a change? The CA Policy says otherwise. Or are you saying that your (collective) influence over CA policy is not what you might hope for but that you can get concessions from individual CAs at the point of approval?
If I agree to accept a restriction on a product of ours, can you explain the method that propagates that restriction to the other CAs? Regards Robin _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
