El sábado, 31 de marzo de 2018, 3:01:29 (UTC+2), Wayne Thayer escribió: > On Thu, Mar 29, 2018 at 12:55 PM, Ryan Sleevi <r...@sleevi.com> wrote: > > > > > I think, for new CAs, the KGC report and the stated CP/CPS, combined with > > ensuring that the next audit that covers the period of time stated on the > > KGC report includes that certificate, seems like a reasonable balance. > > > > I'll add this to the list for 2.6 and propose some language in a new > "Policy 2.6 Proposal" thread. > > Thanks, > > Wayne
There are also some situations in that a root CA in an organization is issuing a Certificate for a Sub-CA in a different organization. In my opinion, both organization should perform an audit conforming EN 319 411-2. An interesting point would be to identify which information of the CAR (Conformity Assessment Report)is of interest for the Country Supervisory Body and wich is of interest for Mozilla or other Browsers aligned with CAB Forum. One is key element to be included in the TSL and the other to browser (for instance Mozilla) related Root certificates programs. Best regards, Julian Inza _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
