On 05/03/2009 10:06 AM, Ian G:
(2), there exists a standard need in audits to discuss disaster recovery. Curiously, this does not appear to be documented anywhere, draw your own speculations....
It's usually addressed in internal CA documentations and audited accordingly. Disaster recovery is certainly part of the usual audits, root compromise is such a disaster IMO.
(4) no review of existing grandfathered roots has been done.
That's not entirely correct, legacy CAs which requested EV enabled had to go through the process as if they were new roots. See also the current thread of Verizon/Cybertrust.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
