On 12/8/2016 12:48 PM, Gervase Markham wrote: > Require CAs to publish their CPs and CPSes under one of the following > Creative Commons licenses: CC-BY, CC-BY-SA or CC-BY-ND. > > This is so that there is no legal impediment to their proper storage, > scrutiny etc. by relying parties. > > Proposal: add an additional paragraph to point 17 of the Inclusion > policy, as follows: > > CPs and CPSes must be made available to Mozilla under one of the > following Creative Commons licenses: Attribution (CC-BY), > Attribution-ShareAlike (CC-BY-SA) or Attribution-NoDerivs (CC-BY-ND). If > none of these licenses is indicated, the fact of application is > considered as permission from the CA to allow Mozilla and the public to > deal with these documents, and any later versions for root certificates > which are included in Mozilla's trust store, under CC-BY-ND. > > (We would add links to the relevant license terms where each is mentioned.) > > This is: https://github.com/mozilla/pkipolicy/issues/12 > > ------- > > This is a proposed update to Mozilla's root store policy for version > 2.4. Please keep discussion in this group rather than on Github. Silence > is consent. > > Policy 2.3 (current version): > https://github.com/mozilla/pkipolicy/blob/2.3/rootstore/policy.md > Update process: > https://wiki.mozilla.org/CA:CertPolicyUpdates >
Great idea. If the public is to trust the certificates of certification authorities, the public should be able to access, view, and even copy those authorities' CPs and CPSs. -- David E. Ross The Crimea is Putin's Sudetenland. The Ukraine will be Putin's Czechoslovakia. See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy