On 2/2/16 2:46 PM, Kathleen Wilson wrote:
All,
Many thanks to those of you who reviewed and commented on this request
to include the "Hellenic Academic and Research Institutions RootCA 2015"
and "Hellenic Academic and Research Institutions ECC RootCA 2015" root
certificates, and enable the Websites and Email trust bits for both roots.
I did not find any show stoppers in this discussion, so I think it is
fine to proceed with the inclusion process and track the update to
HARICA's CP/CPS separately. Does anyone disagree?
Are there any further concerns, questions, or comments for HARICA CA
before I close this discussion and recommend approval of their request
in the bug?
To summarize this discussion:
1) HARICA plans to update their CP/CPS in May-June of this year, and
incorporate the updates that they indicated in this discussion. I plan
to track that action item in parallel of the inclusion process.
2) Dimitris provided further information about how HARICA performs
domain validation, but I do not expect them to modify the validation
rules in their CP/CPS until after the BRs are updated in this regards.
3) There was a separate discussion regarding the output of the certlint
tests that found that these new root certificates have serial number 00.
That sparked discussion in the CAB Forum, which I think will address
this moving forward. I believe this is not a show stopper for this
particular root inclusion request.
Therefore, it is my intention to close this discussion and recommend
approval in the bug.
Please let me know if I missed anything that needs to be address before
moving forward with approval of this request.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
