Eddy Nigg (StartCom Ltd.) wrote:
Sorry? Gerv, please open a bug at Bugzilla with the request to remove
all CA certificates from the NSS certificate store on the grounds that
there is no auditing to make sure the CA was honest in terms of doing
the correct amount of verification.
I'd like to. But instead we have EV, which has a guaranteed minimum
level of verification.
But EV is backed up by audit. Eddy's proposal is not.
Utter nonsense! All CAs get audited according to their policies and
practices.
Yes. As I've explained several times (and as you know) they are audited
to make sure they comply with whatever their policies are. They are
*not* audited to make sure there's a minimum level of validation. And
you don't propose to change this. So that's what I mean when I say EV is
backed up by audit, and your proposal is not.
Gerv
_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security