On 13/2/09 00:22, Eddy Nigg wrote:
On 02/12/2009 09:11 PM, Ian G:
Once the CA desk decides that is how it is, after consultation, that's
how it is. Frank held the line against requiring publication, and I for
one will support that against the steamrolling.
But there were calls made by David and me (others would perhaps join)
that in the absence of a published CPS, any information provided instead
of the lacking CPS must be confirmed by the auditor.
Yes, calls exist for that.
If I understand
Franks position, this is exactly what he proposed as well in the
Certigna case. So we have agreement.
No, firstly, David suggested this:
* All documents supplied as evidence should be publicly available and
must be addressed in any audit.
So that is an expansion from "extracts confirmed by auditor" to "re-do
the audit if anything is missing, at least over that document."
Secondly, Frank proposed two alternatives, one of which would require
auditor confirmation.
Hence, my other email posting the various nuances available, and my
comment about using the auditor as notary (in the European concept not
the anglo sense).
So where I see Frank's proposal is something like the below, pt 2.
Now, do we really need a discussion about how to agree? Feel free, but
we should use our energy and time for other efforts, like reviewing the
next CA in the queue.
Yes, browbeating. One writes longer than everyone else, and changes or
forgets the points of the opposition. One wins statistically, short
term, but loses reputation over the long run. It's very costly in
everyone's time.
Then, let's call a halt to discussion and refer the alternatives to Frank:
1. * All documents supplied as evidence should be publicly available
and must be addressed in any audit.
2. * Any substantial ommissions submitted afterwards may need to be
confirmed by auditor, at Mozilla's discretion.
3. Or?
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
