On Nov 30, 2007 11:45 AM, Gervase Markham <[EMAIL PROTECTED]> wrote:

> C.J. Adams-Collier wrote:
> > * Date of last audit
>
> For CAs approved under the new regime, this information is tracked
> informally as text in their approval notice, plus also you can click
> through to their WebTrust etc. statement to see.
>
> > * Auditor profile
>
> What is that, exactly?

Organization contact information; certificate of authenticity; certifying body; name, birth date, governmental ID, blood type, gender of all personnel; you know... the usual :)

> > * Canonical domain
>
> Yes - see the list of pending/added CAs.

Is there a central location where this is all published? If so, can I have a url? I'm curious.

> > * URL of CRL
>
> Yes - see the list of pending/added CAs.
>
> > Does the Mozilla Foundation do heartbeat checks on all CAs at regular
> > intervals?
>
> No.

It seems to me that this should be done at least prior to each official release...

> > Is there any infrastructure in place to remove non-responsive CAs or CAs
> > which fail audits?
>
> No; although we assume that if a CA failed an audit, someone would let
> us know pretty quickly. I have requested an RSS feed of changes to their
> approved list from WebTrust, but it hasn't happened.

How often do audit failures get reported? Does the Mozilla Foundation keep up on audit scores? Are audit scores reported in such a way that it can be determined how a CA is trending, better or worse than the audit before?

> > Does the Mozilla Foundation accept complaints about misuse of certs issued
> > by CAs which have been approved for inclusion?
>
> Yes.
>
> > Is there somewhere else I should be asking these questions?
>
> No :-)

Oh, good :)

> Gerv

C.J.

--
moo.