On 2/15/2006 5:22 AM Manuzhai spoke thusly
> there are other CA's mentioned as Processing which don't have an audit.
>
I don't personally see a problem with requiring a third-party audit of
the CA. In fact, I think that's a good thing. I do, however, think
that there should be a review of all certificates/CAs currently included
in Firefox/Thunderbird to ensure that they have all undergone a
third-party audit of some kind (WebTrust or otherwise). And after all
the stuff that has happened, I wouldn't even be opposed to pulling the
Verisign root cert out of Mozilla products until they can provide
publicly accessible and third-party confirmed/audited proof that they
have changed whatever went wrong that caused the issues.
I can't provide documentation proving my capabilities, otherwise I
would be more than willing to do an audit on CACert. I have an
understanding of PKI, how CAs work, and cryptology, but since I can't
provide proof of it, I'm out of it as far as the requirements given by
Frank are concerned. As Kyle asked, I would be interested in seeing
some sort of Mozilla Foundation sanctioned "certification" that lets me
know if I meet their qualifications. If I talk to the CACert folks and
they did let me do the audit, but then I didn't meet the qualifications,
all would be for nought and its a waste of time on CACert and my part.
--
Tyler "Tristor" Duzan
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
