Re: Making changes to Included CAs spreadsheet

Tue, 15 Oct 2013 03:01:54 -0700 

On 14/10/13 18:52, Kathleen Wilson wrote:
<snip>

PSCProCert: The OU "Superintendencia de Servicios de Certificacion
Electronica" should be "Proveedor de Certificados PROCERT".
("Superintendencia..." is the OU of the SUSCERTE Root Certificate, but
according to Bug #810010 "it was determined that SUSCERTE’s sub-CAs
should apply for inclusion themselves as separate trust anchors").


In the spreadsheet I've used:

Organization (O from Issuer Field)
and
Organizational Unit (OU from Issuer Field)

I chose to use the Issuer Field



Ah, so you have.  I guess I didn't pay close enough attention to what 
those column headings actually said!



because some of the included trust
anchors (such as PSCProcert) are subCAs, but as you pointed out in some
cases we have requested that the subCAs apply for inclusion separately,
rather than including the root cert. In the cases where we've included a
subCA cert, it can be difficult to find the cert in the Certificate
Manager if the O of the Issuer Field is different from the O of the
Subject Field. (some subCA certs under evaluation for inclusion are like
this)

I would like to keep the Organization column as the O from the Issuer
Field.


I see.  Makes sense.


But I can change the Organizational Unit column to be the OU from the
Subject Field if that would be better.

Any opinions/preferences on this?


No preference.


The "Common Name or Certificate Name" column is probably enough to 
identify the cert that's actually included.



The Izenpe Root has 2 EV OIDs, but this one is missing:
1.3.6.1.4.1.14777.6.1.2

The "ValiCert Class 2 Policy Validation Authority" Root has 2 EV OIDs,
but this one is missing:
2.16.840.1.114414.1.7.23.3


I didn't think it was important to included the second EV OID.


Those second EV OIDs are no less valid than the first EV OIDs.  ;-)


If you think it is important to included the second EV OID, then should
I just put a comma and add the second one to each cell?


Yes please.

<snip>

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy






















					Reply via email to