Hi David,

David E. Ross wrote:
> Not only should Mozilla not accept classified audits. We should also
> put that into the formal policy.

I think this is already covered by the Mozilla CA policy under section 6:

/provide attestation of their conformance to the stated verification requirements and other operational criteria by a competent independent party or parties with access to details of the CA's internal operations./

If the attestation and/or relevant criteria are secret/classified, then the CA can't comply with the Mozilla CA policy.

> Where classifying an audit makes sense
> (e.g., for a military CA)
>

Also this is covered in some form I guess, because section 6 also states:

/provide some service _relevant to typical users_ of our software products/

...which in your example above hardly can be the case... ;-)

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto