EV-enabled Startcom and Trustcenter, updated Public Suffix list to v1.3
By Yngve Nysæter Pettersenyngve. Thursday, December 9, 2010 4:02:50 PM
The Rootstore repository has been updated with two CAs being EV-enabled:
- Startcom/StartSSL, an Israeli CA added in July. General test site. Test site for Opera 11.00.1133+
- TrustCenter, a German CA. Test site
The reason there is a specific 11.00 test site for Startcom is that, up until now, Opera has implemented a restriction on the relative key sizes for the certificates in an EV certificate chain. The rule was that an intermediate CA certificate had to use a key that had at least as many bits as the key being signed.
The primary reason for this rule was to make the CA keys a harder target than the web site's key, but unfortunately this policy have caused some issues in the past, including the Startcom site, and we are now removing the policy as of Opera 11.00.1133. Earlier versions of Opera will, for example, not display Startcom's page as having an EV certificate, while Opera 11 now will do so.
Public Suffix v1.3
We recently discovered that we had lagged behind the current state of Mozilla's Public Suffix List. The reason turned out to be that the URL for the changelog RSS feed I had originally subscribed to had changed.
This new update contain adjustments to many TLDs, as well as adding initial entires for a number of new internationalized (IDN) TLDs such as for China, Egypt and Russia.
As usual, an unsigned version is available from our source repository.