On 11 fév, 05:16, Frank Hecker <hec...@mozillafoundation.org> wrote: > Eddy Nigg wrote: > > On 02/10/2009 10:06 PM, Frank Hecker: > >> If you cannot publish the CPS because it contains private information, I > >> suggest as an alternative that you provide some sort of official > >>Certignadocument that summarizes the portions of the CPS that are of > >> most interest to us (i.e., those relating to validation of subcriber > >> information). > > > That would be a precedent too which I wouldn't recommend. We really want > > to know what was audited, don't we? > > See my comment to David Ross. > > Frank > > -- > Frank Hecker > hec...@mozillafoundation.org
I don't really understand what's the matter This CA has obtained ETSI TS 102042 certification from LSTI. I've found the information at http://www.lsti-certification.fr/index.php?option=com_content&view=article&id=55&Itemid=15 This company has an agreement from COFRAC the official french committee of accreditation. The COFRAC has published an audit guide for CA audits. So, I suppose that these auditors have done their job according to this guide which is in my opinion very exhaustive. So I wonder why some people here want to investigate so deeply... Pascal MERLIN Consultant en sécurité www.auditiel.fr -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
