On 19/11/15 23:09, Kathleen Wilson wrote: > “10. … The CA with a certificate included in Mozilla’s CA Certificate > Program MUST disclose this information *in the CA Community in > Salesforce* <link to https://wiki.mozilla.org/CA:SalesforceCommunity> > before any such subordinate CA is allowed to issue certificates > *chaining up to the CA’s included root certificate*. …”
I would say "disclose this information to Mozilla in a manner Mozilla will specify before any such". There's no need to specify the exact tool in a policy. Separation of policy and mechanism :-) > “10. … For a certificate to be considered publicly disclosed and > audited, the following information MUST be provided: ..." Similarly, I would change this to "the full certificate contents in a format Mozilla specifies". > Also, in the https://wiki.mozilla.org/CA:SalesforceCommunity wiki page I > propose adding the following section: That's not a policy document, so you can change it how you like :-) Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy