Re: Sorting through EV root CA requests

Tue, 22 Jan 2008 07:42:05 -0800 

Frank Hecker wrote:
In this case I am saying that if the draft EV guidelines and WebTrust criteria are pretty much equivalent in terms of security impact, then we should consider accepting the draft as well as final as acceptable, at least on an interim basis. (For example, we could revise our policy to deem the draft guidelines and criteria as acceptable for CA requests submitted prior to a certain date.)
I lost track at some point before the final was published. But of course I understood your point... 


All I am concerned about is the difference in the criteria and 
guidelines as published, i.e., draft 11 of the EV guidelines vs. the 1.0 
guidelines, and the WebTrust EV draft criteria vs. the final criteria; 
these documents are all on the cabforum.org site. However don't feel 
obligated to work through these yourself; I believe there are others on 
this list who have more first hand experience in the differences between 
the draft and  final versions, and can answer this question without 
needing to do lots of research. As implied above, IMO the key question 
is whether the differences are such as to make a significant difference 
in security as far as our users are concerned.
  

Right! I'd prefer if somebody else would pick this up...so I have the 
feeling we could have had this conversation also in private instead the 
mailing list...with about the same effect ;-)



Johnathan Nightingale is our main de facto representative since Gerv had 
to cut back his CA-related activities.
  

Without offending, but does Johnathan has the right background for this? 
I don't know, but if I remember right his specializations are in 
different fields...



Let me think about which requests would be most fruitful to work on 
first, and get back to you later today.
  


OK, excellent!

--

Regards 


Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390





Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto






















					Reply via email to