Eddy Nigg (StartCom Ltd.) wrote:
> Even though the Comodo request has been approved, I wonder about two
> additional points which you haven't addressed at all:
>
> The first is about having CA roots with wrong details in NSS, like
> companies which effectively don't exist anymore (AddTrust AB, U
Frank Hecker wrote:
> Comodo has applied to (among other things) add a new EV root CA
> certificate for the COMODO Certification Authority to the Mozilla root
> store, as documented in the following bug:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=401587
> I have evaluated this request,
Frank Hecker wrote:
> This is a followup to my previous message about Comodo's application to
> add a new EV root CA certificate. Comodo also has requested enabling
> three existing roots, AddTrust External CA Root, UTN - DATACorp SGC, and
> UTN-USERFirst-Hardware, for EV use, and also marking al
Frank Hecker:
>
> I don't want to go off on a tangent, but I think the Skype model is more
> significant than you think.
There is a problem that nobody knows what encryption this is and which
keys are involved and who has access to these keys etc.
Skype is fine for me, but I wouldn't exchange an
Even though the Comodo request has been approved, I wonder about two
additional points which you haven't addressed at all:
The first is about having CA roots with wrong details in NSS, like
companies which effectively don't exist anymore (AddTrust AB, UTN),
location (Sweden, Utah) and other inf
Eddy Nigg (StartCom Ltd.) wrote:
> Frank Hecker:
>> (As a side note, based on my experience with and reading about
>> industry dynamics, I think that advances in PKI-related technologies
>> are much more likely to occur in new protocols and new products than
>> in mainstream cases like browsing
Frank Hecker:
> Gervase Markham wrote:
>
>> The EV distinction is clear. And EV exists precisely because the line
>> between DV and IV/OV is fuzzy, and it would have been very difficult to
>> correctly discern the difference programmatically.
>>
>
> This is a key point worth emphasizing.
Frank Hecker:
> Eddy Nigg (StartCom Ltd.) wrote:
>
>> Yes, this is a good argument in favor of EV and EV is exactly intended
>> for that. Just a pity the rest of the public PKI is left broken, no
>> matter what the reasons are (by design, lack of interest, commercial
>> interests, etc), becau
Gervase Markham wrote:
> The EV distinction is clear. And EV exists precisely because the line
> between DV and IV/OV is fuzzy, and it would have been very difficult to
> correctly discern the difference programmatically.
This is a key point worth emphasizing. We use the terms "IV" and "OV",
bu
Gervase Markham wrote:
> Frank Hecker wrote:
>> It's a reasonable proposal, and we did look into doing this.
>> Unfortunately there are .com domains and perhaps other non-.kr domains
>> with certs issued by CAs in the KISA-rooted hierarchy. This is not
>> unique to KISA and Korea either AFAIK.
Eddy Nigg (StartCom Ltd.) wrote:
> Yes, this is a good argument in favor of EV and EV is exactly intended
> for that. Just a pity the rest of the public PKI is left broken, no
> matter what the reasons are (by design, lack of interest, commercial
> interests, etc), because there is more to prote
Gervase Markham:
> Eddy Nigg (StartCom Ltd.) wrote:
>
>> Currently the ratio of EV certs is below 1% of overall SSL secured web
>> sites. If EV doesn't get a significant market share, your priorities
>> might have been wrong and we should have addressed other issues as well.
>>
>
> I don
Kyle Hamilton wrote:
> Please tell me how to completely disable all Mozilla Foundation
> included CAs without having to individually change the trust settings
> on all of them? I can't trust Mozilla's certificate policy to protect
> my interests -- I can't trust Mozilla's policy to ensure that
> s
Frank Hecker wrote:
> It's a reasonable proposal, and we did look into doing this.
> Unfortunately there are .com domains and perhaps other non-.kr domains
> with certs issued by CAs in the KISA-rooted hierarchy. This is not
> unique to KISA and Korea either AFAIK.
I personally think that, if
Eddy Nigg (StartCom Ltd.) wrote:
> Currently the ratio of EV certs is below 1% of overall SSL secured web
> sites. If EV doesn't get a significant market share, your priorities
> might have been wrong and we should have addressed other issues as well.
I don't really have the bandwidth to dive i
15 matches