<snip>http://thewhir.com/marketwatch/xra021105.cfm
"Certificate authority XRamp (xramp.com) announced on Wednesday that it is now offering the industry's only 256-bit digital SSL certificates."
It doesn't seem their communication can be called anything but deceitful, and I'm seriously afraid mozilla.org must be very careful in order not to be seen as having endorsed it.
How would mozilla.org (or, more correctly, the Mozilla Foundation and/or the Mozilla project as a whole) be seen as having endorsed XRamp's marketing claims? We simply approved their CA cert for inclusion, based on their successful completion of a WebTrust audit (as discussed in bug 273189); this is no more or no less than we would have done for any other CA in the same position. (And I might add the Microsoft has also approved XRamp for inclusion in Windows/IE, for the exact same reasons.)
But you do raise a useful point: Maybe I ought to add a section in the draft CA cert policy noting that inclusion of a CA's certificate does not constitute endorsement of the CA's marketing claims, etc. I'll think about this.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
