On 11/2/09 21:29, Eddy Nigg wrote:
> On 02/11/2009 07:12 PM, David E. Ross:
>> However, the last sentence should be modified to say:
>> * All documents supplied as evidence should be publicly available and
>> must be addressed in any audit.
>> I don't have (don't want) an account to update the Wiki.
>
> I agree on this definition. Is there anybody objecting to it? (I can
> update the page accordingly).

I object.
All documents supplied to Mozilla are within a Mozilla context.
Audit does an audit context. The two are different. Don't mix them;
most all audits are done according to defined audit criteria, such as
WebTrust or ETSI or DRC.
Asking an auditor to sign off on random documents that have nothing to
do with the criteria, the audit world and the direct process raises
questions. I would claim that no (or few) auditors to date have been
asked to verify a CA according to Mozilla review.
If you want "evidence" quality documents then ask for a notary?
iang
PS: I for one would definitely champion rewriting the WebTrust process
but this is not the way to do it.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto