First of all, i would like to express my astonishment about the
discussion phase.
It sounds like Mozilla's discussion "how to evaluate the CAs /
changes to do in the benchmarks " rather than a Certigna discussion.
We asked for inclusion in Mozilla on 2007 (august).
Mozilla agrees with ETSI 102 042 (like Apple and Microsoft. We are in
these two systems).
There was a long technical verification phase made by three people :
Gervase Markham, Frank Hecker, and Kathleen Wilson.
And now, it seems to be a reconsideration of ETSI 102 042.
About CP /CPS :
I think a public CP and a audit of compliance with a reference norm
(like ETSI, WebTrust, ... ) provide garantees to third party.
CPS and other internal documents are checked by auditors (and they
control that the company do what is written !).
They contain know-how of the company (technical and organizational
measurements), and don't have to be published.
Yannick LEPLARD
Directeur R&D
20, allée de la râperie
59650 Villeneuve d'Ascq
tél. : 03 20 79 24 09
fax. : 03 20 34 20 52
www.dhimyotis.fr
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
