Apologies. By choosing to use the term TSP when referring to an organization operating a PKI, I thought I had made my meaning clear. I now realize I inferred "certificate" when I used the term "subordinate CA". I meant "subordinate CA certificate" in all cases where I wrote "subordinate CA" or "subCA".
For reference, there has been an ongoing CA/Browser Forum discussion aimed at disambiguating the term "CA": https://cabforum.org/pipermail/policyreview/2016-May/000291.html On Fri, Mar 23, 2018 at 4:08 PM, David E. Ross via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On 3/23/2018 11:34 AM, Wayne Thayer wrote: > > Recently I've received a few questions about audit requirements for > > subordinate CAs newly issued from roots in our program. Mozilla policy > > section 5.3.2 requires these to be disclosed "within a week of > certificate > > creation, and before any such subCA is allowed to issue certificates.", > but > > says nothing about audits. > > "CA" = "certification authority" > > Do you really mean "subordinate certification authorities newly issued > from roots"? If so, what does that mean? Or do you mean "subordinate > certificates newly issued from roots"? > > I do not really want to be picky. However, when dealing with something > as important as Internet security, being picky is mandatory. > > -- > David E. Ross > <http://www.rossde.com/> > > President Trump: Please stop using Twitter. We need > to hear your voice and see you talking. We need to know > when your message is really your own and not your attorney's. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
