On 2/15/2006 5:22 AM Manuzhai spoke thusly
> there are other CA's mentioned as Processing which don't have an audit.
>
I don't personally see a problem with requiring a third-party audit of
the CA. In fact, I think that's a good thing. I do, however, think
that there should be a review
I found the answer.
In order to store the Root CA cert, or Interm CA cert into FireFox cert
store under "Authorities" tab, during PKCS#11 initialization, two P11
objects for each cert are needed: a Trusted Object and a Certificate
Object.
For example, for a Trusted Object, it should have the follo
Hi,
My PKCS#11 module is testing SSL Client Auth operation with CaCert.org.
Since the Root CA cert of CaCert.org is not inside CaCert.org, during
token login,
I would like to have the Root CA cert to be inserted into the FireFox cert store
under "Authorities". In other words, s
I did not mean to imply that the jurat would be the sole document upon
which the MF would add a CA's root to the browser. There will need to
be contract terms to which the CA and MF would agree, and to which the
jurat would be added as an attachment. Such a contract would be the
recourse for rec
Arshad Noor wrote:
Has the Mozilla Foundation considered using a self-audit in the form of
a Jurat? There are some advantages to doing so for the CA operator, as
well as for the MF.
To those unfamiliar with the term, a Jurat is any document, where the
signer swears to the veracity of its conten
Has the Mozilla Foundation considered using a self-audit in the form of
a Jurat? There are some advantages to doing so for the CA operator, as
well as for the MF.
To those unfamiliar with the term, a Jurat is any document, where the
signer swears to the veracity of its contents, signs the docume
On 2/18/06, Frank Hecker <[EMAIL PROTECTED]> wrote:
>
> I didn't envision this as being something that a person would just do as
> an independent activity, with the Foundation in essence "certifying"
> people to do this sort of work. It's more something that would be done
> in the context of a part
Kyle Hamilton wrote:
Ah, okie.
How would one go about becoming certified as such an independent
auditor? I'd like to apply for such Mozilla Foundation certification.
I didn't envision this as being something that a person would just do as
an independent activity, with the Foundation in essen
Kyle Hamilton wrote:
As an aside to Frank: You need to change the newsgroup name on
http://www.hecker.org/mozilla/ca-certificate-list :)
Done. (Thanks for catching that!)
Frank
--
Frank Hecker
[EMAIL PROTECTED]
___
dev-tech-crypto mailing list
dev-t
nder what the
> > status on inclusion of the cacert.org root cert is. The bug [1] has very
> > interesting and lively discussion over a span of, oh, 30 months, and on
> > the status page [2] it says that the CAcert inclusion is Pending, while
> > most other inclusion
Ah, okie.
How would one go about becoming certified as such an independent
auditor? I'd like to apply for such Mozilla Foundation certification.
-Kyle Hamilton
On 2/17/06, Frank Hecker <[EMAIL PROTECTED]> wrote:
> Kyle Hamilton wrote:
> > I would sincerely hope that the direct and indirect cost
Kyle Hamilton wrote:
I would sincerely hope that the direct and indirect costs of
performing the audit (including travel expenses and labor) would be
borne by the CA.
My fault, I didn't quote the full policy:
By "independent party" we mean a person or other entity who is not
affiliated wi
I have a small clarification question here...
> * an "independent party" can be someone "who is not affiliated with the
> CA as an employee or director" and "is not financially compensated by
> the CA".
I would sincerely hope that the direct and indirect costs of
performing the audit (including t
3. Make these other Reply-To header choices:
a) leave it alone (as the poster created it) [now configured this way.]
b) strip it out completely
c) replace its contents with a constant string, e.g. with name of list.
There is a good summary of the debate "What to do with Reply-To" here:
Frank Hecker wrote:
Nelson B wrote:
I believe it was Mr. David E. Ross http://www.rossde.com/
He used to be a regular in this newsgroup/alias, but the last time
I saw a message from him was Feb 10 2004. :-(
As I understand it, David got conscripted to serve on a grand jury. I
believe he is st
Frank Hecker wrote:
If a CA were to propose someone who was not an actual professional
auditor authorized to do WebTrust or other formal audits, then that
person (or persons) would have to meet the requirements above, the CA
and/or would have to publish information regarding the person's
quali
Gervase Markham wrote:
And I don't know what Frank would say, but I'm not sure that a review
from a single unqualified individual could meet the "WebTrust or
equivalent" standard in the CA cert policy.
The Mozilla CA certificate policy doesn't say anything about "WebTrust
or equivalent". What
Nelson B wrote:
I believe it was Mr. David E. Ross http://www.rossde.com/
He used to be a regular in this newsgroup/alias, but the last time
I saw a message from him was Feb 10 2004. :-(
As I understand it, David got conscripted to serve on a grand jury. I
believe he is still serving on it, mo
Gervase Markham wrote:
> Kyle Hamilton wrote:
>
>>As I recall, cacert.org was planning to be audited by one of the
>>Mozilla guys directly. I don't know who, and I don't know when, but I
>>kinda recall some discussion of this.
>
> I remember hearing some
ot the faintest clue what
the answers might be.
-Kyle H
On 2/17/06, Gervase Markham <[EMAIL PROTECTED]> wrote:
> Kyle Hamilton wrote:
> > As I recall, cacert.org was planning to be audited by one of the
> > Mozilla guys directly. I don't know who, and I don't know whe
Kyle Hamilton wrote:
> As I recall, cacert.org was planning to be audited by one of the
> Mozilla guys directly. I don't know who, and I don't know when, but I
> kinda recall some discussion of this.
I remember hearing someone say this, but when I asked, the name given
was
Nelson B Bolyard wrote:
> Kyle Hamilton wrote:
>
>>(I /hate/ that I have to click 'reply all' to reply to the original
>>poster /and/ the list.)
>
> What would you propose instead?
> Having a Reply-To: header in each message that replies to the alias?
> or ?
The particular MailMan list managemen
Kyle Hamilton wrote:
> (I /hate/ that I have to click 'reply all' to reply to the original
> poster /and/ the list.)
What would you propose instead?
Having a Reply-To: header in each message that replies to the alias?
or ?
/Nelson (List owner/moderator)
___
(I /hate/ that I have to click 'reply all' to reply to the original
poster /and/ the list.)
-- Forwarded message --
From: Kyle Hamilton <[EMAIL PROTECTED]>
Date: Feb 15, 2006 6:24 PM
Subject: Re: cacert.org
To: Frank Hecker <[EMAIL PROTECTED]>
As I
Manuzhai wrote:
Even with the danger of opening a can of worms here, I wonder what the
status on inclusion of the cacert.org root cert is. The bug [1] has very
interesting and lively discussion over a span of, oh, 30 months, and on
the status page [2] it says that the CAcert inclusion is
Manuzhai wrote:
Hi there,
Even with the danger of opening a can of worms here, I wonder what the
status on inclusion of the cacert.org root cert is. The bug [1] has very
interesting and lively discussion over a span of, oh, 30 months, and on
the status page [2] it says that the CAcert
Hi there,
Even with the danger of opening a can of worms here, I wonder what the
status on inclusion of the cacert.org root cert is. The bug [1] has very
interesting and lively discussion over a span of, oh, 30 months, and on
the status page [2] it says that the CAcert inclusion is Pending
27 matches
Mail list logo
