This is a broader comment on the Mozilla CA policy. If the desire is to include security reviews that are equivalent to a WebTrust audit, then for reviews against technical standards like ETSI the policy should require annual reviews as well as provide more detail on what comprises a "Competent Party" (is it an auditor with professional obligations, or simply someone who's been around the block?).
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
