A notary does not verify content, a notary verifies identity. What we need is an opinion (hey! using your own terminology, Ian, that means AUDIT, and thus AUDITOR) that the document substantially reflects the CP/CPS. If not an auditor, who would you suggest to do it, given that a notary isn't authoritative for opinions other than on the signer having shown identity?
I think the entire CA approval process is completely FUBARed. I think Mozilla has managed to paint itself into a corner from which people like Ian will not let it escape, and has thus been bullied and intimidated into accepting things into its root program that are analytically damaging to the PKI and the pursuit of commerce to be enabled by it. I also believe that it has allowed "commerce" to define its operations and criteria for far too long. -Kyle H On Wed, Feb 11, 2009 at 3:37 PM, Ian G <i...@iang.org> wrote: > On 11/2/09 21:29, Eddy Nigg wrote: >> >> On 02/11/2009 07:12 PM, David E. Ross: >>> >>> However, the last sentence should be modified to say: >>> >>> * All documents supplied as evidence should be publicly available and >>> must be addressed in any audit. >>> >>> I don't have (don't want) an account to update the Wiki. >>> >> >> I agree on this definition. Is there anybody objecting to it? (I can >> update the page accordingly). >> > > > I object. > > All documents supplied to Mozilla is within a Mozilla context. > > Audit does an audit context. The two are different. Don't mix them; most > all audits are done according to defined audit criteria, such as WebTrust or > ETSI or DRC. > > Asking an auditor to sign off on random documents that have nothing to do > with the criteria, the audit world and the direct process raises questions. > I would claim that no (or few) auditors to date has been asked to verify a > CA according to Mozilla review. > > If you want "evidence" quality documents then ask for a notary? > > iang > > > > PS: I for one would definately champion rewriting the WebTrust process but > this is not the way to do it. > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto