Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Kyle Hamilton: > > Eddy: Can the root CA operator itself be the auditor of the sub-CAs, > and bring its auditing documentation to its own auditor? That's not > clear from the language you used; I'm assuming that sub-CAs cannot > audit themselves (but could perhaps audit sub-sub-CAs), but since it'

Re: GlobalSign SubCA-audits

2008-08-26 Thread Kyle Hamilton
On Tue, Aug 26, 2008 at 3:24 AM, Thorsten Becker <[EMAIL PROTECTED]> wrote: > In Bug #378882 Eddy Nigg directed me here because of a SubCA audit > question: He states that root CAs in mozilla NSS must "Not circumvent > the audit requirement set forth by the Mozilla CA policy. > This means that the

Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Thorsten Becker: > > Can we say that it is necessary (but not sufficient) to get included if > you have "independent" sub-CAs that they are linked logically and > legally to your root in a "sufficient" manner? Entities that are > physically external seem to be quite common (Enterprise CAs) > "Qui

Re: GlobalSign SubCA-audits

2008-08-26 Thread Thorsten Becker
Eddy, thanks for your elaborate answer. I have only a few questions (I'm still learning... ;-) ) Eddy Nigg wrote: > > Let me add a few things here in order to make it clear what I meant: > > The Mozilla CA policy requires auditing of the CA and its > infrastructure. In the past there were v

Re: GlobalSign SubCA-audits

2008-08-26 Thread Eddy Nigg
Thorsten Becker: > In Bug #378882 Eddy Nigg directed me here because of a SubCA audit > question: He states that root CAs in mozilla NSS must "Not circumvent > the audit requirement set forth by the Mozilla CA policy. > This means that the CAs which belong to this PKI and are under this root > MUST