Eddy Nigg wrote: > On 12/27/2008 05:10 PM, Michael Ströder: >> Frank Hecker wrote: >>> (Plus the expense of a full WebTrust for >>> CAs audit is likely an order of magnitude higher than Certstar's >>> probable revenues.) >> >> It's Comodo's business decision whether they delegate some tasks to an >> external RA or not and whether the revenues are worth it. That's IMO out >> of scope for Mozilla and its policy regarding trusted root CA certs. >> > > Certainly! I don't think Frank implied that (if he would, I'd have some > suggestions to make ;-) ), but simply stated the fact that RAs are not > CAs and hence can't perform themselves a WebTrust for CAs audit. They > could be audited nevertheless by an audit firm to a different set of > criterion of course.
I meant the RA should also be audited during the CA audit. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
