Good demo, thanks. I checked that you are using Startfield EV OID in Startfield name root and in Amazon name root, means you are using the transferred root's EV OID. But I checked your CPS that don't state this point, please advise, thanks.
Best Regards, Richard -----Original Message----- From: Peter Bowen [mailto:pzbo...@gmail.com] Sent: Friday, March 10, 2017 2:16 PM To: Richard Wang <rich...@wosign.com> Cc: Ryan Sleevi <r...@sleevi.com>; Gervase Markham <g...@mozilla.org>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Google Trust Services roots On Wed, Mar 8, 2017 at 10:14 PM, Richard Wang <rich...@wosign.com> wrote: > Why we setup one EV OID for all roots is that we use the same policy > for all EV SSL certificate no matter it is issued by which root. The > policy OID is unique ID > > If Google use the GlobalSign EV OID, and GlobalSign also use this EV OID, > this means two companies use the same policy? > > It is better to do a test: Google issue a EV SSL certificate from this > acquired root using the GlobalSign EV OID, then check every browser's UI > display info, to check if that info will confuse the browser users. Richard, I'll make this easier: Go to https://good.sca1a.amazontrust.com/ and https://good.sca0a.amazontrust.com/ in Safari and Microsoft IE/Edge. Tell me which CA issued the certificates for those sites. (Note that we don't send SCTs on those sites right now, so they aren't treated as EV in Chrome, and we are still pending for EV in Mozilla) Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
