Yannick LEPLARD wrote:
Unfortunately, CPS are not published (they described internal technical and organizational measurements)
I acknowledge your comment that ETSI TS 102 042 does not require the CPS to be published. However we depend on public documents to document the exact claims that CAs make and whether these meet our policy requirement. So this causes a problem for us when we do not have access to CPSs and related documents.
If you cannot publish the CPS because it contains private information, I suggest as an alternative that you provide some sort of official Certigna document that summarizes the portions of the CPS that are of most interest to us (i.e., those relating to validation of subcriber information).
Frank -- Frank Hecker hec...@mozillafoundation.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
