Eddy Nigg (StartCom Ltd.) wrote:
Currently the ratio of EV certs is below 1% of overall SSL secured web
sites. If EV doesn't get a significant market share, your priorities
might have been wrong and we should have addressed other issues as well.
I don't really have the bandwidth to dive
Kyle Hamilton wrote:
Please tell me how to completely disable all Mozilla Foundation
included CAs without having to individually change the trust settings
on all of them? I can't trust Mozilla's certificate policy to protect
my interests -- I can't trust Mozilla's policy to ensure that
Eddy Nigg (StartCom Ltd.) wrote:
Yes, this is a good argument in favor of EV and EV is exactly intended
for that. Just a pity the rest of the public PKI is left broken, no
matter what the reasons are (by design, lack of interest, commercial
interests, etc), because there is more to protect
Gervase Markham wrote:
Frank Hecker wrote:
It's a reasonable proposal, and we did look into doing this.
Unfortunately there are .com domains and perhaps other non-.kr domains
with certs issued by CAs in the KISA-rooted hierarchy. This is not
unique to KISA and Korea either AFAIK.
I
Frank Hecker:
Gervase Markham wrote:
The EV distinction is clear. And EV exists precisely because the line
between DV and IV/OV is fuzzy, and it would have been very difficult to
correctly discern the difference programmatically.
This is a key point worth emphasizing. We use the
Eddy Nigg (StartCom Ltd.) wrote:
Frank Hecker:
(As a side note, based on my experience with and reading about
industry dynamics, I think that advances in PKI-related technologies
are much more likely to occur in new protocols and new products than
in mainstream cases like browsing SSL web
Frank Hecker:
I don't want to go off on a tangent, but I think the Skype model is more
significant than you think.
There is a problem that nobody knows what encryption this is and which
keys are involved and who has access to these keys etc.
Skype is fine for me, but I wouldn't exchange
Frank Hecker wrote:
Comodo has applied to (among other things) add a new EV root CA
certificate for the COMODO Certification Authority to the Mozilla root
store, as documented in the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=401587
snip
I have evaluated this request,
Eddy Nigg (StartCom Ltd.) wrote:
Even though the Comodo request has been approved, I wonder about two
additional points which you haven't addressed at all:
The first is about having CA roots with wrong details in NSS, like
companies which effectively don't exist anymore (AddTrust AB, UTN),
9 matches