David E. Ross wrote: > On 11/25/2007 11:49 AM, Eddy Nigg (StartCom Ltd.) wrote [in part]: > >> David E. Ross wrote: >> >>> On further analysis, the second bullet under #6 in the policy needs to >>> make clear that the CP and CPS must be public. Allowance could be made >>> where content normally expected in either document is instead elsewhere, >>> but that "elsewhere" must then be public. The current phrasing of that >>> bullet leaves too much room for interpretation. >>> >>> >> I don't think so really....: >> >> "*publicly disclose* information about their policies and business >> practices (e.g., in a Certificate Policy and Certification Practice >> Statement);" >> >> How more public should it be? I think the policy is pretty clear about >> that point... >> >> > > This was the issue in contention in bug #368970. The CA wanted to keep > its CPS confidential and not provide a copy to Mozilla, let alone place > a copy on the Web for public view. See the bug comments starting at > <https://bugzilla.mozilla.org/show_bug.cgi?id=368970#c13>. This appears > unresolved in #368970. > OK! Since this CA hasn't been considered yet for inclusion and no discussion has been opened yet I assume that this is one of the issues holding them back (maybe there are others). Once it comes up we can have a look at it...one CA at the time please ;-) > A literal reading of "publicly disclose information about their policies > and business practices (e.g., in a Certificate Policy and Certification > Practice Statement)" does not mean "yes, disclose EVERYTHING that > belongs in a CP and CPS". Instead, it can easily mean something far > less specific and far less detailed. > > > As far as me concerns the Mozilla CA policy says it crystal clear. I wouldn't worry yet about it...
-- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
