Security:EV: Difference between revisions

Jump to navigation Jump to search

Security:EV (view source)

Revision as of 14:26, 10 April 2007

148 bytes added ,  10 April 2007
→‎Contra
Line 31: Line 31:
* Wildcard certificates are not allowed, which leads to further income for commercial CA´s, but it does not provide real security value.
* Wildcard certificates are not allowed, which leads to further income for commercial CA´s, but it does not provide real security value.
* D6a3: The OID´s (1.3.6.1.4.1.311.60.2.1.1, ...) which are referenced in the Guideline are from Microsoft, and are not documented properly: http://asn1.elibel.tm.fr/cgi-bin/oid/display?oid=1.3.6.1.4.1.311.60.2.1.3&submit=Display&action=display
* D6a3: The OID´s (1.3.6.1.4.1.311.60.2.1.1, ...) which are referenced in the Guideline are from Microsoft, and are not documented properly: http://asn1.elibel.tm.fr/cgi-bin/oid/display?oid=1.3.6.1.4.1.311.60.2.1.3&submit=Display&action=display
* B3a2C: In the current versionof the EV Guidelines, only registered organisations are allowed to receive EV certificates, all other kinds of organiations are left out
* B3a2C: In the current versionof the EV Guidelines, to ensure high quality vlaidation of subscriber data, only registered organisations are allowed to receive EV certificates.  The CA/Browser Forum will expand the EV Guidelines to include indviduals and unregistered businesses in a future version when appropriate vetting steps and privacy protection can be addressed.
* E12b2 demands a protection of private keys, but there is no possibility for anyone besides a developer to actually do that.
* E12b2 demands a protection of private keys, but there is no possibility for anyone besides a developer to actually do that.
* E12b2 only demands the maintaining of the secrecy of the private key, but forgets the initial secrecy. This is a bad, but common practice.
* E12b2 only demands the maintaining of the secrecy of the private key, but forgets the initial secrecy. This is a bad, but common practice.
* E12b2 Proof-of-Non-Possession is missing
* E12b2 Proof-of-Non-Possession is missing
* K36 Privacy does not seem to be a major topic for EV
* K37 is likely problematic. (Systemic flaws like Man-in-the-Browser could be a problem here)
* K37 is likely problematic. (Systemic flaws like Man-in-the-Browser could be a problem here)
* AppendixB2c: Privacy issues regarding OCSP over HTTP aren´t being taken care of
* AppendixB2c: Privacy issues regarding OCSP over HTTP aren´t being taken care of
Sdavidson
4

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/54278"

Navigation menu