On 13/1/09 10:16, Eddy Nigg wrote:
Before Mozilla yanks any root (which isn't something Mozilla does for fun really), Mozilla will confront the CA with the concern and assumed risk concerning the practice of the CA.

- Mozilla will give the CA reasonable time to address the concern - where "reasonable" really depends on the severity and scope.
- The CA may have the opportunity to convince Mozilla also otherwise.
- The CA should present its proposal about how it intends to address the concern raised.
- Should the proposal be acceptable to Mozilla, Mozilla will follow its implementation.
- Should the CA fail for whatever reason - by preference even - to address the issue, Mozilla will propose a deadline and remove the root thereafter.

A CA may clearly decide that it's not going to address the concern of Mozilla and prefer to have the root removed. Or Mozilla may change its mind after understanding the counter-argument of the CA.
Sorry, where is this documented? It looks unfamiliar and unworkable to me.
Which reminds me....we need to start re-confirmation of EV audit statements soon to make sure they are up-to-date.
!

iang