On 12/27/2008 11:07 PM, Michael Ströder:
I meant the RA should also be audited during the CA audit.
This in turn would be similar to this https://wiki.mozilla.org/CA:Problematic_Practices#Allowing_external_entities_to_operate_unconstrained_subordinate_CAs
At this stage I'm not proposing to make the same requirements as for externally operated intermediate CAs, however I'd maybe suggest to have critical aspects performed at the CA itself than have it outsourced. This in order to guaranty adherence to the Mozilla CA Policy section 7.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto