To all of my knowledge most questions can be answered with no. Except I
guess complaints will be take in any form, including this mailing list.
C.J. Adams-Collier wrote:
> Hey folks,
>
> Do we keep track of CA metadata such as:
>
> * Date of last audit
> * Auditor profile
> * Canonical domain
> *
Hey folks,
Do we keep track of CA metadata such as:
* Date of last audit
* Auditor profile
* Canonical domain
* URL of CRL
Does the Mozilla Foundation do heartbeat checks on all CAs at regular
intervals?
Is there any infrastructure in place to remove non-responsive CAs or CAs
which fail audits?
On Nov 26, 2007 9:14 AM, Frank Hecker <[EMAIL PROTECTED]> wrote:
>
> My personal preference would be to create this document first (because
> I think it's badly needed), and then to see which parts of the document
> might make sense to include in the policy itself. (Note that we could
> also inco
Gervase Markham wrote:
> Jean-Marc Desperrier wrote:
>
>> Maybe it would be adequate to require that the CA applies a policy that
>> lowers the risk of homograph spoofing attacks.
>>
>
> I've actually opposed this in the past. Homograph spoofing avoidance
> policies are the domain of reg
Jean-Marc Desperrier wrote:
> Maybe it would be adequate to require that the CA applies a policy that
> lowers the risk of homograph spoofing attacks.
I've actually opposed this in the past. Homograph spoofing avoidance
policies are the domain of registries, not CAs. These checks should be
don
5 matches
Mail list logo
