Eddy Nigg wrote:
According to Frank, he has reviewed the audit reports which isn't
public. This might be a problem.
No, I previously posted about that. I don't like having a private audit
report, but it was not SECOM Trust's fault (or even its auditor's fault,
IIRC). The final issue from my point of view was verifying with the
auditors that the report was indeed genuine, which Kathleen and Gen did.
From my perspective there are no further issues preventing approval of
SECOM Trust for inclusion.
Also because SecomTrust apparently doesn't use an OCSP responder and
isn't required to do so for another year, Firefox has no way to check
the certificates status. Firefox intends to treat such certificates as
non-EV at least as I understood. This might be another problem.
As such there should be an answer in this respect in order to add the
SecomTrust EV root or have them correct whatever needs to be corrected.
I've already discussed this with Johnathan, and IIRC we agreed to
decouple the issue of approving EV CAs for inclusion and EV enabling
(which is a policy issue) with the issue of how those CAs are handled
for the purposes of the Firefox EV UI. I trust Johnathan, Kai, and
others to make sensible technical decisions about how to handle EV CAs
not yet supporting OCSP.
So I'm going to go ahead and formally approve SECOM Trust's request for
inclusion and for EV enabling. Kathleen, could you post a summary to bug
394419 and then ping me for final approval?
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto