Per the CA schedule (for which I need to update dates), the next CA on the list for public comment is SECOM Trust, which has applied to add a new root CA certificate to the Mozilla root store and enable it for EV, as documented in the following bug:

  https://bugzilla.mozilla.org/show_bug.cgi?id=394419

and in the pending certificates list here:

  http://www.mozilla.org/projects/security/certs/pending/#SECOM%20Trust

Note that SECOM Trust has one (non-EV) root already in the Mozilla root list; this is for a new root created specifically for EV use.

Some quick comments regarding noteworthy points:

* Like some other CAs, SECOM Trust has cross-signed its EV root using its existing root. However, the plan is to EV-enable only the EV root, leaving the existing root as is. This is consistent with the approach we've taken in other cases, and as far as I know this should work fine in terms of EV certificate recognition.

* SECOM Trust doesn't currently support OCSP. OCSP is not (yet) mandatory for EV, so this is not an issue from a policy perspective. IIRC this will not pose a technical problem either, as long as EV certs issued by SECOM Trust don't have an AIA extension with an OCSP URL.

* SECOM Trust had one caveat on their EV audit, having to do with their not performing certain background checks on staff. As noted in Kathleen Wilson's summary document (attached to the bug), this is apparently a side-effect of Japanese laws and regulations, and not a substantive problem.

I suggest reading Kathleen's summary document to get an overview of this request; thanks again to Kathleen for preparing these!

For this request and subsequent requests I'm going to adopt a suggestion made by Eddy a little while back: Rather than having a two-week discussion period divided into two phases, I'm going to have a single one-week discussion period. After that week, if there are no outstanding issues relating to the request then I am going to go ahead and officially approve it.

However, if there are outstanding issues that in my opinion are relevant, then I'm going to postpone further consideration of the request. This will allow time to try to get the issues resolved, after which we can start a new public discussion period.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
