Getting CASTLE Root into trust stores #22
-
|
Will there be an attempt to get the CASTLE Root certs into the various trust stores operated by Mozilla, Google, Apple, Microsoft, Oracle and Adobe? Or will there be an attempt to get them cross signed by Root CAs already in these trust stores? Without either approaches the CASTLE Root will not be widely recognised to be usable. Asking a recipient of a signed email or signed document to trust a Root CA is not very scalable. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Honestly, at this moment we do not foresee this point. Root programs require anual audits based on WebTrust or ETSI specs, which barely costs 5k-100k/year. This is something that we are studying carefully, as we do not have any partnership to support this cost. Nevertheless, we are always open to discuss new ways to expand secure internet to email. |
Beta Was this translation helpful? Give feedback.
Honestly, at this moment we do not foresee this point. Root programs require anual audits based on WebTrust or ETSI specs, which barely costs 5k-100k/year. This is something that we are studying carefully, as we do not have any partnership to support this cost.
Plus, obtaining a cross signed CA (like IdenTrust did with LE) requires an anual audit, I guess.
Nevertheless, we are always open to discuss new ways to expand secure internet to email.