Eddy, I apologize if I'm misinterpreting your response to Paul's last comment, but I think you are suggesting that Mozilla could "hold a CA to doing something" that is 'currently in the 'problematic practices'" wiki page, purely because that wiki page is a document that is (you allege) "presented to every CA for a while already".
If that is what you are saying, I disagree with you. The wiki page clearly says (capitalization mine)... - "POTENTIALLY problematic CA practices". - "we do NOT NECESSARILY consider them security risks". - "Some of these practices MAY be addressed in future versions of the policy". If Mozilla want to "hold a CA to doing something", then IMHO the first step towards achieving this has to be to update the Mozilla CA Certificate Policy to explicitly cover that "something". The wiki page discusses *possible* *future* policy only. On Saturday 10 January 2009 20:10:35 Eddy Nigg wrote: > On 01/10/2009 08:59 PM, Paul Hoffman: > > That's absurd. You can't hold a CA to doing something that we don't > > document. > > Just a by-note on this one...It doesn't have to be in the CA Policy, but > may be also in some by-laws or as we have it currently in the > "problematic practices". This document is presented to every CA for a > while already, so the CAs know about it, even if it's not part of the > policy itself. > > Perhaps a better mechanism regulating these aspects might be useful too. -- Rob Stradling Senior Research & Development Scientist Comodo - Creating Trust Online Office Tel: +44.(0)1274.730505 Fax Europe: +44.(0)1274.730909 www.comodo.com Comodo CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
