On 27/06/2017 06:47, Kathleen Wilson wrote:
All,
We've added new Auditor objects to the Common CA Database. Previously auditor
information was just in text fields, and the same auditor could be represented
different ways. Now we will have a master list of auditors that CAs can select
from when entering their Audit Cases to provide their annual updates. The root
store operator members of the CCADB will update this data as we encounter audit
statements from new auditor/locations that we are able to verify.
I have started the master list based on auditors encountered in the CCADB for
root certificates.
https://ccadb-public.secure.force.com/mozilla/AuditorQualificationsReport
I will greatly appreciate it if you will review the list and let me know if
I've made any mistakes in the data. Also, I will greatly appreciate good links
to the qualifications to the ETSI auditors (I'm not sure if the
links/qualifications I've used are the best).
Thanks,
Kathleen
Maybe add an extra column indicating if this auditor is currently
distructed by Mozilla (and thus not accepted for new audits on Mozilla
trusted roots). Alternatively a list of CCADB-based root programs
distrusting an auditor.
This could become the canonical place for Mozilla and other CCADB-based
root programs to indicate when they override the trust programs
(WebTrust, ETSI, ...) decision on this.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
