On 10/19/15 4:34 PM, Kathleen Wilson wrote:
Therefore, I also propose that we don't separate out the audit criteria according to trust bit in version 2.3 of the policy. Rather, the separation will be part of another effort to create a separate S/MIME policy in 2016. This means that the following audit criteria will continue to be considered acceptable for root certificates with only the Email trust bit enabled: - ETSI TS 101 456 - ETSI TS 102 042 (and the replacement) - WebTrust for CA And, as currently stated in the policy, ETSI TS 101 456 may not be used if the Websites trust bit is enabled.
Based on there being no further discussion about this, I am going to assume that this item (separate out audit criteria according to trust bit) may be postponed to a future policy update.
Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy