Robin Alden: > From Frank's most recent reply I accept the reason for the consideration of > all aspects of our operation, but perhaps that separation should be made > more clear between those matters we are discussing here which are relevant > to the EV enabling of our roots within (what we hope to be) a short > timescale and those matters which pertain to the future direction of DV > which we are prepared to discuss but which are not intrinsically linked to > the EV issue. >
I think that there is only a technical problem, should Mozilla decide that your EV business is completely acceptable, but consider your non-EV business not. I indeed believe that your CA is entitled to receive EV status for the roots which were audited for that and I also believe that there are some problematic points with your non-EV policies. I think that your willingness to address the DV related issues and find an acceptable solution could only confirm your seriousness. Such a commitment would be certainly viewed as a positive step and remove opposition to the proposed upgrade. The problem I'm seeing right now is, which isn't a problem of yours per se, that if Mozilla approves the upgrade to EV status, your CA roots will receive further anchors in the software, making it even more difficult to receive the cooperation I'm seeking on the issues, not speaking about any possible "sanction" pretty useless. Currently EV status implies the roots to be also trusted for regular certificates which is a limitation of NSS. Effectively, because Frank has called this to be a general review and inclusion of your CA roots and after having your CA approved, there wouldn't be many reasons for you to make any changes whatsoever, except in case Frank would make the approval conditional in some form. More than that, after this process completes, your CA roots are accepted in NSS not as legacy roots from the Netscape era, but as roots which performed a thorough inclusion process based on the Mozilla CA policy. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto