All,
I need to update
https://wiki.mozilla.org/CA:SubordinateCA_checklist
to reflect the current policy (technically constrain or disclose/audit).
I propose the following changes.
1) Remove the Terminology section. Given the current policy, the terms
"In-House", "Third-Party", "Private", "Public" do not matter anymore.
The only distinction we need to make now is between technically
constrained (according to Mozilla policy) or not.
2) In the introductory section clearly reference items #8, 9, and 10 of
http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html
3) Remove the "Third-Party Private (or Enterprise) Subordinate CAs"
section.
4) Change the title of the "Third-Party Public Subordinate CAs" section
to "Non-Technically Constrained Subordinate CAs", and add a line item
for Baseline Requirements policy and audit.
Any comments or corrections before I proceed to make these changes?
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy