C.J. Adams-Collier wrote:
> * Date of last audit

For CAs approved under the new regime, this information is tracked 
informally as text in their approval notice, plus also you can click 
through to their WebTrust etc. statement to see.

> * Auditor profile

What is that, exactly?

> * Canonical domain

Yes - see the list of pending/added CAs.

> * URL of CRL

Yes - see the list of pending/added CAs.

> Does the Mozilla Foundation do heartbeat checks on all CAs at regular
> intervals?

No.

> Is there any infrastructure in place to remove non-responsive CAs or CAs
> which fail audits?

No; although we assume that if a CA failed an audit, someone would let 
us know pretty quickly. I have requested an RSS feed of changes to their 
approved list from WebTrust, but it hasn't happened.

> Does the Mozilla Foundation accept complaints about misuse of certs issued
> by CAs which have been approved for inclusion?

Yes.

> Is there somewhere else I should be asking these questions?

No :-)

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
