Message from discussion CABforum BR defines a 3-tier cert system. What does the browser do with that info?

Date: Fri, 30 Mar 2012 14:58:43 +0300
From: Eddy Nigg <eddy_n...@startcom.org>
Organization: StartCom Ltd.
Subject: Re: CABforum BR defines a 3-tier cert system. What does the browser
	do with that info?
Newsgroups: mozilla.dev.security.policy

On 03/30/2012 02:23 PM, From Gervase Markham:
> If it were possible to standardize OV appropriately and at a decent 
> level of validation in a single paragraph, we wouldn't have bothered 
> doing EV at all.

With this attitude we'll probably be forced to work towards
lowering/changing the requirements of EV to the extent that we can
comfortably use our OV procedures to sign EV certificates.

I'd prefer a higher standard and requirements for EV and have sane and
reasonable OV procedures in place as well, but the current "EV and all
the rest" categorization neither reflects reality nor is it really
helpful for the relying parties.

In my and many others' opinion, the BR provides reasonable requirements
and standardization of identity and organization validation. Also for
domain control validation, of course.

-- 
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:  	 http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg