On 02/04/2009 07:39 PM, Frank Hecker:
Re resellers, I think it is a fruitless task for us to try to move the entire CA industry to change the way it operates as a business. Our main interest is in having CAs maintain effective controls over their authorized agents, whether these be actual resellers, RAs in general, or whatever. If CAs outsource a lot of the work involved in subscriber verification (to an RA) or cert issuance (to a third-party subordinate) then I think it's reasonable to have them face increased questioning about measures they've taken to establish and maintain effective controls;
+1
however I don't think it's reasonable to disqualify them entirely for using third-party agents, or to dictate exactly how they should operate wrt such third-party agents.
100% correct. I think this is exactly what should be applied. The mere existence of RAs, sub CAs and other third parties operating within a CA's infrastructure isn't in itself a reason to disqualify a CA. The policies and controls governing them are what matters.
Actually if Kathleen can take over the bulk of the CA request processing then I think I would have time for dealing with some of these policy issues. The only unsustainable thing is having me be on the critical path for CA evaluation.
This is excellent news! I understand that Kathleen has taken over those additional tasks and it seems that we are all happy about it. I very much look forward to your spending more time with policy matters!
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto