Frank Hecker:
One of the advantages of working with Gerv and (now) Kathleen is that it
forced me to write down more about the process of evaluating CA
requests. As part of my working with Kathleen I created an expanded
checklist of the information we gather (or should gather) in the course
of considering CA request to have roots included in Mozilla.
I've now put a draft version of that checklist on the Mozilla wiki:
http://wiki.mozilla.org/CA:Information_checklist
If anyone has any corrections or editions to the checklist please feel
free to edit the wiki page. Note that there are a number of places where
I'd like to add more technical description, e.g., names of relevant
certificate extensions, etc.
Frank, this looks very good! Before editing I wanted to make some minor
suggestions:
1.) IV/OV information should be included at all types of certificates.
Not sure if this is nitpicking, but IV can be applied to server certs,
OV also to S/MIME and code.
Server typically includes:
DV
DV+IV
DV+OV
DV+EV
S/MIME typically includes:
MV
MV+IV
MV+IV+OV (note CN=IV,O=OV)
Code typically includes:
IV
OV
IV+OV
2.) Suggest to add a reference and information about EV auditing, when
the yearly audit is typically performed and the audit statements issued.
3.) In relation to sub roots and cross signed roots I suggest to request
which CP/CPS applies to the relevant roots.
That what I can see so far, perhaps there will be some more...keeping
this page on my desktop for a while.
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
