Kyle Hamilton:
> On Tue, Apr 1, 2008 at 11:15 AM, Frank Hecker
> <[EMAIL PROTECTED]> wrote:
>   
>>  In the thawte case you cite, thawte changed its practices to start
>>  issuing DV certs from a CA hierarchy not previously used for that, but
>>  its practices were still within boundaries outlined in our policy (which
>>  does allow issuance of DV certs). So I don't really see a security issue
>>   here in terms of how this would affect typical users.
>>
>>     
>
> Great.  I certainly hope this is an April Fool's joke

At least I hope that you enjoyed the other one about some free CA roots ;-)

>
> What extension exists to mark a certificate as being DV?  What
> extension exists to mark a certificate as being intermediate
> validation?
>   

None (yet).

> How can I, as a user, determine if a certificate is DV versus IV or OV
> or EV without having to fight the user interface to find the
> information?
>   

In the FF3 UI you can differentiate between EV and all the rest. It 
sucks, I know. But that's what the CAs and the browser vendors could 
agree upon. There were obviously many different considerations involved...

> I've seen DV certs being used on sites that ask for commercial
> information.  The problems exist

Yes, absolutely. It exists and it's a problem. Telling users to use and only 
trust EV is not realistic. At StartCom we try to give some indications 
by using different intermediate CA certificates arranged to different 
Class levels (1-3) and by using special indicators in the O or OU field.

>  -- and you're hiding behind a
> (demonstrably broken and problem-laden) policy to ignore all the
> problems.
>   

Mozilla isn't the (only) one to blame here, but first of all the 
industry itself. Mozilla could however lead in the absence of better 
definitions and implement its own standards which could be adopted by 
the industry. I believe that it could work and I made a few proposals 
during the EV discussions. I believe this is still possible and EV could 
be a part of it.

> So, I want to opt out of relying on your policy, and I want to opt out
> of these strictures which serve only to maintain the dominance of a
> market sector which exists only for the purposes of extortion from
> people who want to try to do the Right Thing[tm].

I think all you need is to remove one shared library. Forgot which one...


-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
