On Thursday, June 1, 2017 at 5:03:15 PM UTC-7, Kathleen Wilson wrote: > On Friday, May 26, 2017 at 9:32:57 AM UTC-7, Kathleen Wilson wrote: > > On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote: > > All, > > > > I requested that this CA perform a BR Self Assessment, and they have > > attached their completed BR Self Assessment to the bug here: > > https://bugzilla.mozilla.org/show_bug.cgi?id=1065896#c30 > > > > Aaron has reviewed and verified the BR Self Assessment. > > > > Therefore, I plan to approve this request from the Government of Taiwan > > (GRCA) to include their "Government Root Certification Authority" root > > certificate, and turn on the Websites and Email trust bits, and constrain > > this root to *.tw. > > > > If there are no further concerns, then I will close this discussion and > > recommend approval in the bug. > > > > After further consideration, I have decided to wait for the CA to provide > their updated CP/CPS that will address all of the shortcomings that they > noted in their BR Self Assessment that they plan to fix in the next version > of their CP/CPS. > > So, this discussion will be on hold again until I have received and reviewed > their updated CP/CPS documents.
We have received the updated CP/CPS and have received and verified the most recent audits for this CA. Since we haven't yet implemented the changes to our inclusion process proposed by Kathleen a few days ago, I am now restarting discussion on this request, and I will post my comments once the CP/CPS review is completed. I plan to recommend that the XCA, MOICA, and MOEACA sub-CAs be added to OneCRL because they are neither technically constrained or BR audited. Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy