On 2/10/2009 12:06 PM, Frank Hecker wrote: > Yannick LEPLARD wrote: >> Unfortunately, CPS are not published (they described internal technical and >> organizational measurements) > > I acknowledge your comment that ETSI TS 102 042 does not require the CPS > to be published. However we depend on public documents to document the > exact claims that CAs make and whether these meet our policy > requirement. So this causes a problem for us when we do not have access > to CPSs and related documents. > > If you cannot publish the CPS because it contains private information, I > suggest as an alternative that you provide some sort of official > Certigna document that summarizes the portions of the CPS that are of > most interest to us (i.e., those relating to validation of subcriber > information). > > Frank >
THANK YOU!! That was indeed the point of my earlier comment. However, not only should they provide some alternative documentation but also that documentation should be considered during the required audit. -- David E. Ross <http://www.rossde.com/> Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
