Security:EV

From MozillaWiki
Revision as of 23:12, 12 February 2007 by Eddyn (talk | contribs) (→‎Pro)
Jump to navigation Jump to search

Introduction

The goal of this document is, to assist current discussions about Extended Validation (EV) SSL certificates as proposed by the CA/Browser forum. Here we try to collect, structure and organize various aspects, arguments and solutions concerning the proposed guidelines and what this means for Mozilla at large and the Firefox Browser in particular.

Discussions are held mostly at the Mozilla Dev-Security mailing list. Before editing this page it is suggested to use the talk/discussion page and propose the addition/change.


Arguments

Pro

  • The EV guidelines removes proprietary procedures by current certification authorities and provides a unified standard.
  • The EV guidelines proposes higher validation of the organization and subscriber of the certificate.
  • Please extend this list...

Contra

  • The CA/Browser forum is mainly an interest group of commercial certification authorities.
  • The EV guidelines can be diluted and changed over time, making them less effective.
  • Audit procedures of the CAs can currently only be performed by four audit firms authorized by Webtrust, no real alternatives exist.
  • Please extend this list...

Proposals

14:38, 12 February 2007 (PST)

Retrieved from "https://wiki.mozilla.org/index.php?title=Security:EV&oldid=48927"