Eddy Nigg (StartCom Ltd.) wrote: > Just scratching on the surface of this request and I have to make the > following observations: > > /The audit report (https://cert.webtrust.org/SealFile?seal=650&file=pdf > ) says: > > We have examined....during the period from *July 21, 2007 through > November 30, 2007*, Verisign has-- > > / > > * /Disclosed its key and certificate life cycle management business > and information privacy practices in its: > - GeoTrust Certification Practice Statement for....*EV*...dated > *January 31, 2008*/
Is your concern that the CPS is dated after the audit? First, feel free to ask in the bug what changes were made between the audit and the date of publication of the 1.0 CPS. (I'll do it as well if you don't do it first.) Second, it's not unusual at all in my experience for CAs to have a published CPS (which we use in evaluating them) which is later than the CPS current at the time of the audit. I don't think you need to invoke the monopoly argument to explain this. > Second I wonder what's the deal with Thawte's and GeoTrust's inclusion > requests. As Gerv mentioned yesterday, there are about 40 others in the > queue, why do they get a preferential treatment? I have been putting a priority on evaluating EV requests vs. non-EV requests. These are not new requests (they were made soon after I solicited EV-related requests) but I only recently started work on them and solicited any remaining information to fill out the pending list. In the meantime I worked on a few other EV requests from CAs that don't have dominant market share. (More later, I have to run out for an emergency errand...) Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
