I have a specific question about a preferred setup of an EV SSL server PKI and how the user experience will be.

The setup is the following:

Assume that an EV-compliant primary root cert of CA X is accepted and preinstalled in Firefox 3.x (FF3). The hierarchy is now

CA X PCA root
 |
 +- CA X SSL Issuing CA
    |
    +- SSL server cert for www.domain.com


I guess that this is a setup without any problems and that FF3 shows it as an EV cert as long as the issued SSL cert includes the CA's reported EV policy OID? Even if the PCA also has non-EV subCAs?

For the purpose of being backwards compatible with legacy browsers, the CA X PCA will now obtain a subcertification from a widely recognised CA Y (e.g. Entrust.net), and the SSL server cert customers will be encouraged to install the path

CA Y
 |
 +- CA X PCA root
     |
     +- CA X SSL Issuing CA
         |
         +- SSL server cert for www.domain.com

How does the browser resolve the path, and does the user still experience the EV cert as an EV cert?

Best regards

Peter Lind Damkjaer
PKI Analyst

DanID A/S
Olof Palmes Allé 36, NS-28
DK8200 Aarhus N
Denmark
Tel. +45 66 67 67 11
Mobile +45 29 46 40 27
Email [EMAIL PROTECTED]
Web www.danid.dk



 

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
