*nods* I'm pretty sure you're correct. What qualifications would be necessary? (Considering that auditors are supposed to be extremely skilled at finding things that are out of place... Webtrust uses CPA auditors. I don't know if most CPAs would have enough knowledge to be able to properly audit a CA.)
How would one establish the possession of the qualifications? What sort of liability bond would have to be posted? (Would there /be/ any liability?) These are just a couple thoughts that I have, and since I'm not a member of the Mozilla Foundation I haven't got the faintest clue what the answers might be. -Kyle H On 2/17/06, Gervase Markham <[EMAIL PROTECTED]> wrote: > Kyle Hamilton wrote: > > As I recall, cacert.org was planning to be audited by one of the > > Mozilla guys directly. I don't know who, and I don't know when, but I > > kinda recall some discussion of this. > > I remember hearing someone say this, but when I asked, the name given > wasn't anyone I'd ever heard of. I forget who it was. > > And I don't know what Frank would say, but I'm not sure that a review > from a single unqualified individual could meet the "WebTrust or > equivalent" standard in the CA cert policy. > > Gerv > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
