On 02/13/2009 05:58 AM, Nelson B Bolyard:
Recently, a CA that uses partitioned CRLs applied to admission to
the Mozilla/NSS root CA list. Our choices appear to be:
1) Do not admit their root until support for partitioned CRLs is done.
(There is no active plan of record to do that work at this t
Michael Ströder wrote, On 2009-02-10 00:27:
> Nelson B Bolyard wrote:
>> This is probably a policy question, but: are we willing to accept CAs
>> that use CRLs that we cannot parse?
>
> I'd say no.
>
>> Does this CA also implement OCSP? Can we justify this on the grounds
>> that we do implement
On 02/12/2009 09:11 PM, Ian G:
First of all I think we should edit this document only after some sort
of agreement here. I think we haven't finished discussion concerning
this issue yet, can you hold back for a minute?
Nope. It's a wiki;
It's a wiki because that's the media Frank decided wou
On 02/12/2009 09:04 PM, Ian G:
Eddy, you change your tune so fast you must be salsa dancer ...
I don't think so. I wondered if we need a list of 20 items in order to
clarify what a CA should provide in terms of audited documents. As I
already said, many times we need only clarifications - a b
On 11/2/09 21:26, Eddy Nigg wrote:
On 02/11/2009 06:43 PM, Ian G:
OK, I made some changes on the wiki
First of all I think we should edit this document only after some sort
of agreement here. I think we haven't finished discussion concerning
this issue yet, can you hold back for a minute?
On 12/2/09 19:00, Eddy Nigg wrote:
On 02/12/2009 07:47 PM, Ian G:
[2] Actually I think I am a long way from nailing down the issues here.
Even though I agree usually on providing clear statements and
requirements, I wonder if we really have to go into such details? You
know, many times it was
David Stutzman wrote:
Glen Beasley wrote:
you can code the same pretty print functionality but there is no
existing function that
duplicates certutil -l -n.
You can start with
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/ListCerts.java
Which currently outputs:
On 02/12/2009 07:47 PM, Ian G:
[2] Actually I think I am a long way from nailing down the issues here.
Even though I agree usually on providing clear statements and
requirements, I wonder if we really have to go into such details? You
know, many times it was sufficient to receive a statement
So there appear to be several things that might require an additional
audit interaction over some delivery to Mozilla, outside the normal
audit opinion.
Here's my list of things, as spotted recently:
1. a CA's clarification or comment over a key document (e.g., CPS).
2. an additional documen
On 02/12/2009 05:13 PM, Yannick LEPLARD:
This is a good alternative for us. If everybody agree with, we can send
you the fair portion of CPS in english and our auditor will confirm you
the genuineness of the document.
In my opinion this would solve the problem. I would like to request that
t
Another alternative is to publish just those portions of the CPS
that address the question of email verification, and have your
auditor confirm to us that the section(s) in question are from the
CPS that was referenced in your audit.
Frank
This is a good alternative for us. If everybody
Eddy Nigg wrote:
On 02/11/2009 07:19 PM, Yannick LEPLARD:
So What should we do ?
Should we ask our auditor a certified document about our practices for
e-mail validation ?
Yannick, what are the chances to publish the CPS? Please note that all
CAs which have been included into Mozilla NSS duri
On 02/12/2009 12:31 PM, Yannick LEPLARD:
First of all, i would like to express my astonishment about the
discussion phase.
It sounds like Mozilla's discussion "how to evaluate the CAs / changes
to do in the benchmarks " rather than a Certigna discussion.
Yes, unfortunately we make the mistake a
First of all, i would like to express my astonishment about the
discussion phase.
It sounds like Mozilla's discussion "how to evaluate the CAs /
changes to do in the benchmarks " rather than a Certigna discussion.
We asked for inclusion in Mozilla on 2007 (august).
Mozilla agrees with ETSI 1
14 matches
Mail list logo
