On Thu, Nov 19, 2015 at 05:00:03PM -0800, Kathleen Wilson wrote: > Insert 3rd bullet point: > "- translate into English the Certificate Policy and Certification Practice > Statement documents pertaining to the certificates to be included and the > trust bits to be enabled;" > > I will appreciate recommendations about how to improve this proposed update.
Some wording to require CAs to acknowledge that this translation is not merely informative, but in fact a binding agreement with the Internet community, would be useful. I can easily imagine a CA claiming, in the event of a breach of the CPS, that the "authoritative" version, in an alternate language, doesn't describe things in quite the same way, and so isn't a breach. > Is this a reasonable requirement to add? I think it is. The working language of the technical Internet (and this list) is, for better or worse, English, and ensuring that the core documentation of a CA's agreement with the Internet community is consumable by the largest possible number of interested parties is an important goal. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy