Just one minor typo issue: On 22/03/2016 17:42, Eli Spitzer wrote:
Hello, In response to the issues raised by Mr. Sleevi, we are making a number
> of changes in to ComSign's CPS. >
Some of the issues raised here will be addressed by the changes in the
> CPS, while others will remain the same because we feel that they do > not represent problems with our compliance to the Mozilla Policy.
Listed here are all of the replies in order of Mr. Sleevi's remarks
> (and with the division between 'Meh' and 'Bad'). >
The draft of the revised CPS can be viewed in this address:
>
http://www.comsign.co.uk/wp-content/uploads/Comsign CPS-EN-v312-Draft.pdf
>
It includes most of the suggested changed (red-lined), but it still has
> the existing CPS structure. We are planning to change the structure and > order of sections as well. >
Also, I would like to thank Mr. Sleevi, since this is an opportunity
> for us to improve our CPS and do some serious housekeeping, which we > may not have done without his objections.
...* Section 10.15.1 reserves ComSign the right to unilaterally employ additional methods at ComSign's discretion. This seems to run counter to the Mozilla Policy which obligates the CA to notify Mozilla of any meaningful changes to the CP/CPS.This is a "General Statement of Conformity" section, which states that
> all of ComSign's methods of performing tasks related to certificate
> issuance will comply with the policies of the Certification Authority
> / Browser Forum ("CAB Forum").
>
It also stated that "In case multiple or alternative methods or options
> are possible by the baseline requirements or guidelines ... ComSign > reserves the right to choose any of the methods or options > applicable". The methods themselves are listed and enumerated > throw-out the CPS. > I think you mean through-out, which is something completely different.
There is no mention in this section of the option to add additional
> methods, or to make any major or meaningful change to the CP/CPS. Of > course ComSign is obligated and WILL notify Mozilla of any meaningful > change in its CP/CPS, but this is not relevant to this section.
... Eli Spitzer, Information security & System Management, Comsign
Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
