On 2/13/2009 11:52 AM, Eddy Nigg wrote: > On 02/13/2009 09:36 PM, Ben Bucksch: >> FWIW, this is irrelevant. *We* require the ETSI. We can also require >> additional requirements, like that the CPS is published. >> >>> or you have to add a new policy or practices point which says that >>> regardless of ETSI, the CPS must be published. >> It already states: >> "6. We require that all CAs whose certificates are distributed with our >> software products: >> ... >> * publicly disclose information about their policies and business >> practices (e.g., in a Certificate Policy and Certification Practice >> Statement);" >> >> "14. To request that its certificate(s) be added to the default set a CA >> should submit a formal request by submitting a bug report >> <https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=CA%20Certificates> >> into the mozilla.org Bugzilla system ... >> ... >> * a Certificate Policy and Certification Practice Statement (or links to >> a CP and CPS) /or/ equivalent disclosure document(s) for the CA or CAs >> in question; /and/" >> >> To me, that reads that the CPS (or whatever other document publishes the >> practices, no matter how it's called, therefore the "equivalent" >> wording) *must* be public. > > > Re-reading once again, I think you are right! Putting into question if > it's called CPS or otherwise is really nit-picking! > > "publicly disclose information about their policies and business > practices" clearly says what it's meant to be, call it however you want. > The audit requirement makes the context also clear. It's what we > expected really. > > Hence I think too that the Mozilla CA policy is clear in its > requirements in this respect. > >
The key point is that whatever CA policy and practices documents satisfy the Mozilla policy must be addressed in the CA's audit. -- David E. Ross <http://www.rossde.com/> Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
