>Seems to me that this is another case where we're having problems
>because we're using a term ("CPS") which is widely understood, but
>for which more than one meaning exists. As long as we continue to
>use it without defining it, we will have problems of people seeming
>to agree, but having different understandings of what they've agreed
>upon, resulting in apparent breaches of the agreement down the road.
That seems true, but...
>Maybe we should stop using the term CPS, and invent our own term and
>define it carefully in the policy.
If you are talking about a report from a CA that assists Mozilla in determining
whether or not the CA should be admitted to (or continue to be included in) the
Mozilla trust anchor pile, then a new name is indeed a good idea.
>I've never seen a definition of
>the term "CPS" anyway.
RFC 3647.
>My understanding of its meaning is based on
>having read various documents that claim to be CPSes.
No. Start at RFC 3647. The rest are instatiations.
>I think that's
>true for many people.
Possibly true, but not actually a problem.
>So Let the definition of this term we coin be
>exactly what we require in a document, or set of documents, for
>purposes of admitting a CA to the list.
>
>Is that a way forward?
Yes.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
