On 2/11/2009 8:43 AM, Ian G wrote:
> On 11/2/09 05:20, Frank Hecker wrote:
>> Ian G wrote:
>>> The policy says, we need published information, *eg* the CPS.
>>>
>>> Not, "CPS must be published."
>> Yes, exactly. We typically use the CPS and/or CP because almost all CAs
>> publish those documents; however there is no requirement that the
>> information published by the CA be in the form of a CPS or CP.
>>
>> Speaking personally, I think think that it is good practice for CAs to
>> publish a CPS. If a CA has private information relating to detailed
>> internal processes that it does not wish to make public, I suggest that
>> it put such material in a separate "CA operations manual" that is
>> internal-only.
>
>
> OK, I made some changes on the wiki and added these words:
>
> https://wiki.mozilla.org/CA:Recommended_Practices#Recommended_practices
>
> # .... (we rely on public documents only).
> # If you do not publish the CP/CPS (not recommended), you will need
> to publish an extract that summarizes the portions that are of most
> interest to us.
>
>
> This only reflects my understanding of the situation. Also, I recognise
> that the words on the wiki already almost nailed it, so we are in danger
> of bureaucratic freefall... Hack away...
>
> iang
This would then tie into the later section:
* CAs should supply evidence of their being evaluated according to one
or more of the criteria accepted as suitable per the Mozilla policy.
. . .
* All documents supplied as evidence should be publicly
available.
However, the last sentence should be modified to say:
* All documents supplied as evidence should be publicly available and
must be addressed in any audit.
I don't have (don't want) an account to update the Wiki.
--
David E. Ross
<http://www.rossde.com/>.
Don't ask "Why is there road rage?" Instead, ask
"Why NOT Road Rage?" or "Why Is There No Such
Thing as Fast Enough?"
<http://www.rossde.com/roadrage.html>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
