On 11/7/07, Eddy Nigg (StartCom Ltd.) [EMAIL PROTECTED] wrote:
I'd like to know if this is a root which already exists in the NSS or is
chained to an existing root in NSS or if this is a new root entirely.
I believe this is a new root entirely. If it is chained to an existing root in
NSS, we
Frank Hecker wrote:
I've received a request from the NSS development team that I approve
inclusion of the VeriSign EV root CA certificate in the new version of
NSS to be included in Firefox 3, so that developers and others may test
out the new EV-related functionality in NSS and Firefox 3 beta
Frank Hecker wrote:
Wan-Teh Chang wrote:
On 11/7/07, Eddy Nigg (StartCom Ltd.) [EMAIL PROTECTED] wrote:
I'd like to know if this is a root which already exists in the NSS or is
chained to an existing root in NSS or if this is a new root entirely.
I believe this is a new root
Eddy Nigg (StartCom Ltd.) wrote:
Frank, the best test might be, if you could point us to a site signed by
the root in question. We could simply follow the chain up to the CA root
already in NSS.
I gave an example already in my previous message:
https://www.fnac.com/. https://www.paypal.com/
Frank Hecker wrote:
However the general changes to be made to the policy are
clear, even if the language is final,
s/final/not final/
Frank
--
Frank Hecker
[EMAIL PROTECTED]
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Check out this page:
http://www.mozilla.org/projects/security/certs/included/
It seems there are some CAs which would issue from an EV enabled root.
Yes, those are CAs that indicated to Gerv that they would be issuing EV
Eddy Nigg (StartCom Ltd.) wrote:
Check out this page:
http://www.mozilla.org/projects/security/certs/included/
It seems there are some CAs which would issue from an EV enabled root.
Yes, those are CAs that indicated to Gerv that they would be issuing EV
certs. I haven't yet checked these to
Date: Wed, 07 Nov 2007 22:35:32 +0200
From: Eddy Nigg (StartCom Ltd.) [EMAIL PROTECTED]
Subject: Re: Inclusion of VeriSign EV root in Firefox 3 betas for
testing
To: Frank Hecker [EMAIL PROTECTED]
Cc: dev-tech-crypto@lists.mozilla.org
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.)
Hi Andrews,
Andrews, Rick wrote:
Web servers with a VeriSign EV cert are configured with the end entity
cert and two intermediate CAs: the EV CA and a cross-signed cert.
If so, wouldn't it be better to formally include the new (EV) root in
NSS in its own right instead of using the cross signed
Eddy,
Yes, I think we need to include the new EV root in NSS, as well as our
older PCA3 root. Web servers still need to be configured with the
intermediate and cross-signed certs so that older browsers that only
know about the older PCA3 root see the EV cert as chaining up to that
trusted root.
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
Frank, the best test might be, if you could point us to a site signed by
the root in question. We could simply follow the chain up to the CA root
already in NSS.
I gave an example already in my previous message:
On 11/7/2007 8:26 AM, Frank Hecker wrote [in part]:
I've received a request from the NSS development team that I approve
inclusion of the VeriSign EV root CA certificate in the new version of
NSS to be included in Firefox 3, so that developers and others may test
out the new EV-related
David E. Ross wrote:
Will this be done only for testing purposes? Or will the certificate be
included in an end-user release without further analysis? Or will the
certificate be subjected to analysis per the final policy revision
before end-user release?
My intention is to go back and
Andrews, Rick wrote:
No problem at all. I'll see if I can do it this afternoon.
Excellent!
--
Regards
Signer: Eddy Nigg, StartCom Ltd. http://www.startcom.org
Jabber: [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED]
Blog: Join the Revolution! http://blog.startcom.org
Phone:
No problem at all. I'll see if I can do it this afternoon.
From: Eddy Nigg (StartCom Ltd.) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 07, 2007 2:54 PM
To: Andrews, Rick
Cc: dev-tech-crypto@lists.mozilla.org
Hi Rick,
Would there be any problem with Verisign making a formal inclusion
request for the root(s) in question?
Andrews, Rick wrote:
Eddy,
Yes, I think we need to include the new EV root in NSS, as well as our
older PCA3 root. Web servers still need to be configured with the
Hi Frank,
Frank Hecker wrote:
My apologies for the long delay in responding to your message. I am now
ready to take up this issue again, and hope to conclude it soon.
Relax, I'm kinda used to it from you ;-)
I agree that section 7 is a good place for this (since EV practices
primarily
The certificates are usually supplied as an attachment to the bug and
also a URL location provided. I think there are some other things
missing as well, but the responsible person will catch up with you for
whatever is missing at the bug.
In any case it's great that you submitted the request!
Eddy Nigg (StartCom Ltd.) wrote:
Frank Hecker wrote:
snip
Your implication here is that the CAB Forum EV guidelines can be used
as stand-alone guidelines comparable to the other criteria referenced
in section 8 (WebTrust for CAs, ETSI TS 101 456 and 102 242, and ANSI
X9.79). I'm not
Andrews, Rick wrote:
BTW, Step 14 on the CA certificate policy page
(http://www.mozilla.org/projects/security/certs/policy/) says 'a CA
should submit a formal request by submitting a bug report into the
mozilla.org Bugzilla system, filed against the CA Certificates
component of the
Nelson B Bolyard wrote:
Frank, In the past, Gerv rejected all CA cert requests that did not
originate from a representative of the CA itself, citing the policy.
By honoring a request to include the Verisign CA cert, which request did
not originate with a representative of the CA, this is an
Eddy Nigg (StartCom Ltd.) wrote:
Frank Hecker wrote:
I've received a request from the NSS development team that I approve
inclusion of the VeriSign EV root CA certificate in the new version of
NSS to be included in Firefox 3, so that developers and others may test
out the new EV-related
22 matches
Mail list logo