Re: DigiNotar EV root inclusion request

Sun, 27 Apr 2008 07:25:17 -0700 

Frank Hecker:
First, DigiNotar first submitted its request several months ago, at a time when its EV audit would have been current had I processed DigiNotar's application in a timely manner. 


...and you would be today in a situation where you would have to remove 
this CA already from EV status.



I'm not inclined to penalize DigiNotar for my own delays.

  



No, you only adhere to your own criteria. Who do you penalize here 
really (if they don't have an updated audit and not conform to the EV 
criteria)? Just adding them to have them removed?



First, based on my experience a lot of CAs have experienced delays in 
getting their EV audits completed and published. 


So? (Sorry for being nasty, but I want to get my point through to you ;-) )


I'm guessing that this 
has been primarily due to the large number of CAs wanting to get EV 
audits, and the limited number of auditors available to do them. You may 
also recall that the first batch of EV reports was not published on the 
webtrust.org site, apparently due to delays by the AICPA/WebTrust folks 
and/or the various auditors in setting up arrangements to incorporate EV 
reports into the standard WebTrust SealFile system. 



The seals are not required. We need the audits. Apparently auditing 
works without problems...



So in general I've been willing to give CAs some leeway in terms of the 
audit dates, and see no reason not to do so in this case.
  



Some leeway is fine, but don't forget that we need to be in sync at some 
point (better before FF3 gets out). I see a reason to insist this time 
because the audit is very old in terms of EV. They've got KPMG next 
door, so I don't see a reason why this should be a problem (and I know 
what I'm talking about). And you won't be alone, MS will pull their EV 
status as well if they haven't already (assuming there is no updated 
audit, otherwise all is fine).


--

Regards 


Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390



_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto























					Reply via email to