Frank Hecker:
Note that there was an issue with DigiNotar's EV audit because at the
time its production CA software did not have the necessary features to
issue EV certificates; the software has since been upgraded and
DigiNotar has since successfully issued EV certificates.
In relation to that and after reviewing the audit report I suggest to
request from DigiNotar an updated audit report confirming current
implementations and assertion. The audit report is from December 2006
covering a period before that. That was way before EV was approved final
and before DigiNotar implemented and issued EV themselves. Since yearly
re-auditing is a requirement of the EV guidelines (and also Microsoft
requires that, supposed that their CA root is shipped with MS software),
I expect this to be not an issue.
As a matter of fact, according to the EV criteria, DigiNotar must have a
newer audit report already ready and I suggest to carefully review this
issue. Should no re-audit have taken place, then DigiNotar is not
conforming to the EV criteria and must not receive EV status in NSS.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto