I live in the Baltimore/Washington area and work for the government sales group of IronKey. For more about me and what I'm doing, see the “Personal” section of this site and my blog.

Entries for April 2005

Mozilla CA certificate policy submitted for consideration

I have just submitted a Mozilla CA certificate policy 1.0 release candidate to the Mozilla Foundation and mozilla.org staff for consideration as an official 1.0 policy. This version of the policy is basically the draft 12 version with two changes:

  • I explicitly marked the policy as a release candidate.
  • I made a minor change to the last sentence in clause 7 to clarify the meaning of the sentence. ...

Draft 12 of Mozilla CA certificate policy

I've just posted a new draft 12 of the proposed Mozilla CA certificate policy, and absent strong objections plan to submit this to the Mozilla Foundation for approval as a 1.0 policy. The two substantive changes in this draft are as follows:

  • To address some of the concerns expressed about CAs issuing "duff" certificates (defined loosely as certificates that are dubious from a security or technical point of view) I've expanded clause 4 to add examples of certificate-related problems that might cause us to reject a CA's application for inclusion or to consider removing an already-included CA certificate.

  • To address a concern about certificates of different "assurance levels" being issued under the same CA root (or intermediate), I've added a new clause 13 that recommends CA consider using separate root or intermediate CAs when issuing certificates according to different policies. ...