Hi Rob, Ian has answered all of your questions. I'll just add a supplemental answer to question 3.
On Wed, Sep 10, 2008 at 4:48 AM, Rob Stradling <[EMAIL PROTECTED]> wrote: > > 3. Chrome on Windows appears to rely on the certificates found in the > Microsoft Trusted Root Certificate Store, but has its own list of EV > Policy OIDs (in net/base/ev_root_ca_metadata.cc). Having done that, > why didn't you use the EV Policy OID metadata built in to the > Microsoft Trusted Root Certificate Store instead of creating your own > list? I wrote the current code in net/base/ev_root_ca_metadata.cc before someone told me about a paper that reverse-engineered the EV policy OID metadata built in to the Windows system certificate store: http://www.keyon.ch/de/News/Faking%20Extended%20Validation%20SSL%20Certificates%20in%20Internet%20Explorer%207%20V1.1b.pdf I'm planning to rewrite our code to use the Windows built-in EV policy OID metadata following the info in that paper, but haven't got around to that. I'd appreciate it if you could send us the instructions, or just confirm that the info on how to get the EV policy OID metadata in that paper is correct. Wan-Teh --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-dev?hl=en -~----------~----~----~----~------~----~------~--~---
