-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-08-28 15:23, Robert Kaiser wrote:
Carlos E. R. schrieb:
But according to what the mozilla people say, there are no degrees of certification because PKI doesn't allow it.
Well, there is a difference between normal and extended verification (EV) certs. The latter need an even more thorough audit and a tighter certification process where the CA verifies the actual identity and not just domain ownership like they do for normal certs.
That's good. But as far as I understand, FF doesn't say that by clicking on the security icon on the address bar.
Note that the criteria for CAs and their audits are all laid down in https://www.mozilla.org/en-US/about/governance/policies/security-group/certs...
Yes,
on the bugzilla they were commenting that they were deciding on the policy. It was not yet decided about #50, by which I got tired of reading... Thanks for posting the link.
and CACert was to date not able to conclude an independent audit (they started it but never finished) as required by the policy, esp. it's "Applying for Inclusion..." part.
I understand. But the problem to me, as user, is that if I manually add the root certificate for cacert, I don't have a manner when going to a page certified by them to easily see that it is not a high grade certified page. All pages look the same... - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlP/MdAACgkQtTMYHG2NR9XcygCfSIuQTQRNoMDNetJ/Fnt/3avp e80AniC3wJWAvO2Il8wkAeanmAsxwHAQ =TgV/ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org