Il giorno domenica 22 febbraio 2015 08:11:40 UTC+1, Peter Gutmann ha scritto: > Framarti <[email protected]> writes: > > >i'm working for a company that is issuing trusted SSL OV certificates as a > >subsidiary CA. I was thinking about becoming a trusted root CA in order to > >get rid of the fees per each issued certificate to be given to actual root > >CA. > > > >2 - Submission to a third party Audit (i.e. vs WebTrust program, baseline and > >for publicly trusted certificates); > > Depending on where you're starting from, that step is going to cost you > somewhere around a million dollars and take at least a year of work to get > through. That buys you an awful lot of certificates from a commercial CA at > $5/year. > > Peter.
mmm i don't think it's the correct amount. As long as i know, obtaining a report (and relative seals) for Baseline v.2.0 and SSL criteria 2.0 should cost you around 100K dollars. Obviously not considering the money needed to fill any eventually emerged gaps from the standards (i.e. buying HSMs). If i didn't understand you, please correct me. Francesco _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
