On 11/25/2007 11:49 AM, Eddy Nigg (StartCom Ltd.) wrote [in part]:
> David E. Ross wrote:
>>
>> On further analysis, the second bullet under #6 in the policy needs to
>> make clear that the CP and CPS must be public.  Allowance could be made
>> where content normally expected in either document is instead elsewhere,
>> but that "elsewhere" must then be public.  The current phrasing of that
>> bullet leaves too much room for interpretation.
>>   
> I don't think so really....:
> 
> "*publicly disclose* information about their policies and business 
> practices (e.g., in a Certificate Policy and Certification Practice 
> Statement);"
> 
> How much more public should it be? I think the policy is pretty clear about 
> that point...
> 

This was the issue in contention in bug #368970.  The CA wanted to keep
its CPS confidential and not provide a copy to Mozilla, let alone place
a copy on the Web for public view.  See the bug comments starting at
<https://bugzilla.mozilla.org/show_bug.cgi?id=368970#c13>.  This appears
unresolved in #368970.

A literal reading of "publicly disclose information about their policies
and business practices (e.g., in a Certificate Policy and Certification
Practice Statement)" does not mean "yes, disclose EVERYTHING that
belongs in a CP and CPS".  Instead, it can easily mean something far
less specific and far less detailed.


-- 

David E. Ross
<http://www.rossde.com/>

Go to Mozdev at <http://www.mozdev.org/> for quick access to
extensions for Firefox, Thunderbird, SeaMonkey, and other
Mozilla-related applications.  You can access Mozdev much
more quickly than you can Mozilla Add-Ons.