Re: Reassessment of sub-ordinated CA certificates

2008-02-13 Thread Eddy Nigg (StartCom Ltd.)
David E. Ross wrote: > In the existing policy, I see only brief mention of removing a > previously approved root certificate (the phrase "to discontinue > including a particular CA certificate in our products" in the first > sentence of Section 4). I think we need to expand upon that issue. > > Ex

Reporting problems with trust anchors

2008-02-13 Thread Paul Hoffman
At 3:56 AM -0800 2/13/08, Kyle Hamilton wrote: >Why, as a user, am I being asked by ANYONE in this forum if I can >point to any CA that is violating their CPS, or 'not keeping up with >their auditing'? Why does anyone even remotely think that this is >appropriate? Because you, alone, brought it u

Re: Reassessment of sub-ordinated CA certificates

2008-02-13 Thread David E. Ross
On 2/12/2008 7:37 PM, Eddy Nigg (StartCom Ltd.) wrote: > Below my suggestions concerning a policy update or guidelines for CAs > which issue or have already external sub-ordinated CAs. This could be > also an extension to the Mozilla policy. Here is my initial take: > > Plain CAs: > > - Obligat

Re: Reassessment of sub-ordinated CA certificates

2008-02-13 Thread Eddy Nigg (StartCom Ltd.)
[EMAIL PROTECTED] wrote: > Maintenance of the WebTrust seal requires an annual audit. Obtaining the WebTrust seal is optional. Not to mention that Mozilla accepts auditors not accredited by the WebTrust organization. Hence there is no re-auditing requirement right now. > The audit > is o

Re: Reassessment of sub-ordinated CA certificates

2008-02-13 Thread srdavidson
Maintenance of the WebTrust seal requires an annual audit. The audit is of compliance with the CPS - so if there are issuing CAs - whether internal or external - covered by the CPS, then they are part of those procedures. The same is not true of ETSI - which is a standard, not really an audit regime.

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Eddy Nigg (StartCom Ltd.)
Kyle Hamilton wrote: > Why, as a user, am I being asked by ANYONE in this forum if I can > point to any CA that is violating their CPS, or 'not keeping up with > their auditing'? Obtaining the web seal of the Web Trust audit is optional and not a requirement. Re-auditing never was a requirement a

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Kyle Hamilton
On Feb 13, 2008 4:08 AM, Gervase Markham <[EMAIL PROTECTED]> wrote: > > Has Thawte passed an audit while performing this action which (I assume) > you are saying should cause them to fail? (I suspect the answer is Yes, > but I want to check.) If so, who was the auditor? As a user, how on earth do

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Gervase Markham
Kyle Hamilton wrote: > Why, as a user, am I being asked by ANYONE in this forum if I can > point to any CA that is violating their CPS, or 'not keeping up with > their auditing'? Why does anyone even remotely think that this is > appropriate? The fact that I caught Thawte violating their CPS at t

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Kyle Hamilton
...never mind that the root in the store that I caught violating their CPS was in the latter category. My question is this: Why, as a user, am I being asked by ANYONE in this forum if I can point to any CA that is violating their CPS, or 'not keeping up with their auditing'? Why does anyone even

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Gervase Markham
Frank Hecker wrote: > I didn't quite say that, but I can understand why Kyle interpreted my > comments that way. What I have said in the past is that because of the > impact of removing a root, particularly a root that has lots of server > certs chained up to it, we're not going to remove a root u

Re: WISeKey root CA certificate inclusion request

2008-02-13 Thread Gervase Markham
David E. Ross wrote: > Periodic audits of CAs are required by WebTrust to maintain their seal > of approval and should thus be required by Mozilla for continued > inclusion in the NSS store. I don't know if it's in the policy explicitly, but it's always been my view that if a CA failed its WebT