[EMAIL PROTECTED] wrote:
> This is a broader comment on the Mozilla CA policy.  If the desire is
> to include security reviews that are equivalent to a WebTrust audit,
> then for reviews against technical standards like ETSI the policy
> should require annual reviews 

We plan to do a round of updates to the policy when the current backlog 
has been cleared. One of the suggestions that has been made is to put a 
maximum time limit on re-audit.

I have filed
https://bugzilla.mozilla.org/show_bug.cgi?id=381850
to track this issue.

> as well as provide more detail on what
> comprises a "Competent Party" (is it an auditor with professional
> obligations, or simply someone who's been around the block?).

Could you be more specific about what is deficient in section 9 of the 
policy?
http://www.mozilla.org/projects/security/certs/policy/

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
