David E. Ross wrote:
On 2/10/2009 12:06 PM, Frank Hecker wrote:
If you cannot publish the CPS because it contains private information, I
suggest as an alternative that you provide some sort of official
Certigna document that summarizes the portions of the CPS that are of
most interest to us (i.e., those relating to validation of subcriber
information).
<snip>
However, not only should they provide some alternative documentation but
also that documentation should be considered during the required audit.
My assumption was that if the material in the document was based on the
CPS then it would have been covered in the audit, since presumably the
audit was based on what was in the CPS.
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
