C.J. Adams-Collier wrote: > Organization contact information; certificate of authenticity; certifying > body; name, birth date, governmental ID, blood type, gender of all > personnel; you know... the usual :)
We have some of this - see the list. http://www.mozilla.org/projects/security/certs/pending/ http://www.mozilla.org/projects/security/certs/included/ > Is there a central location where this is all published? If so, can I have > a url? I'm curious. See above. >>> Does the Mozilla Foundation do heartbeat checks on all CAs at regular >>> intervals? >> No. > > It seems to me that this should be done at least prior to each official > release... What checks are you envisaging? Making sure the website is still up? > How often do audit failures get reported? I don't know of a CA which has ever failed an audit, probably because they make darn sure they pass. > Does the Mozilla Foundation keep > up on audit scores? Are audits scores reported in such a way that it can be > determined how a CA is trending, better or worse than the audit before? No. It's pass/fail, at least for WebTrust and ETSI. Gerv _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
