I've received a request from the NSS development team that I approve inclusion of the VeriSign EV root CA certificate in the new version of NSS to be included in Firefox 3, so that developers and others may test out the new EV-related functionality in NSS and Firefox 3 beta releases.
Unless anyone has strong and principled objections I'm going to approve this request. Note that this doesn't constitute final approval of VeriSign for Extended Validation purposes, since we don't yet have a final version of the new Mozilla CA certificate policy that addresses EV certificates. However the general changes to be made to the policy are clear, even if the language is final, and to my knowledge VeriSign comes as close to satisfying the proposed revised policy as any other CA. This includes updating practices to conform to the final 1.0 version of the CAB Forum guidelines, as noted in the most recent relevant CPS: http://www.verisign.com/repository/CPS/VeriSignCPSv3.5.pdf (See Appendices B1 through B4.) Note that I don't want to unfairly put VeriSign at an advantage vis-a-vis other CAs in terms of EV support in the Firefox 3.0 final release. Therefore my priority is to get the 1.1 revision of the Mozilla CA certificate policy in place as soon as possible and proceed immediately to consider other CAs who have EV roots they'd like to include. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto