On 10/14/13 4:35 AM, Rob Stradling wrote:
On 12/10/13 01:03, Kathleen Wilson wrote:
Please let me know if you notice any errors in the spreadsheet.
Thanks Kathleen. I've compared your updated spreadsheet to my records
and found the following errors in your spreadsheet...
Rob, Thank you for taking the time to compare the data and let me know
about the errors in my spreadsheet. I greatly appreciate it!
Please see my responses inline...
2 of the SHA-1 fingerprints are incorrect. The correct values are:
GeoTrust Universal CA:
E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
GeoTrust Universal CA 2:
37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
Fixed.
PSCProCert: The OU "Superintendencia de Servicios de Certificacion
Electronica" should be "Proveedor de Certificados PROCERT".
("Superintendencia..." is the OU of the SUSCERTE Root Certificate, but
according to Bug #810010 "it was determined that SUSCERTE’s sub-CAs
should apply for inclusion themselves as separate trust anchors").
In the spreadsheet I've used:
Organization (O from Issuer Field)
and
Organizational Unit (OU from Issuer Field)
I chose to use the Issuer Field because some of the included trust
anchors (such as PSCProcert) are subCAs, but as you pointed out in some
cases we have requested that the subCAs apply for inclusion separately,
rather than including the root cert. In the cases where we've included a
subCA cert, it can be difficult to find the cert in the Certificate
Manager if the O of the Issuer Field is different from the O of the
Subject Field. (some subCA certs under evaluation for inclusion are like
this)
I would like to keep the Organization column as the O from the Issuer Field.
But I can change the Organizational Unit column to be the OU from the
Subject Field if that would be better.
Any opinions/preferences on this?
The Izenpe Root has 2 EV OIDs, but this one is missing:
1.3.6.1.4.1.14777.6.1.2
The "ValiCert Class 2 Policy Validation Authority" Root has 2 EV OIDs,
but this one is missing:
2.16.840.1.114414.1.7.23.3
I didn't think it was important to included the second EV OID.
If you think it is important to included the second EV OID, then should
I just put a comma and add the second one to each cell?
The KEYNECTIS "Class 2 Primary CA" Trust Bits are listed as "Website
Emai" (missing "l").
Fixed.
The "From" dates for these 3 Roots are 1 day out:
VeriSign Class 1 Public PCA – G2
VeriSign Class 4 Public PCA - G3
VeriSign Universal Root Certification Authority
The "To" dates for these 2 Roots are 1 day out:
GeoTrust Universal CA
GeoTrust Universal CA 2
Fixed. I also updated the column headings to specify GMT.
The CN "S-TRUST Authentication and Encryption Root CA 2005:PNS"
shouldn't have that "S" at the end.
The O "Agencia Catalana de Certificacio" is truncated. It should be
"Agencia Catalana de Certificacio (NIF Q-0801176-I)".
Fixed.
"VeriSign, Inc." - the double-quotes around this, and around the
associated OU fields, are unnecessary.
I prefer not to have the quotes, so I removed them.
Thanks!
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
