On 02/12/2009 01:37 AM, Ian G:
I object.
OK, then back to square one.
All documents supplied to Mozilla is within a Mozilla context.
Huuu?
Audit does an audit context. The two are different. Don't mix them; most all audits are done according to defined audit criteria, such as WebTrust or ETSI or DRC.
Yes, and Mozilla relies on them, period.
Asking an auditor to sign off on random documents that have nothing to do with the criteria, the audit world and the direct process raises questions.
Right, that's why CAs MUST publish their CPS.
I would claim that no (or few) auditors to date has been asked to verify a CA according to Mozilla review.
Not "Mozilla Review", but if we want to facilitate other documents beyond CSP than I have no problem accepting them if an auditor agrees to confirm those documents. It's really not our problem.
If you want "evidence" quality documents then ask for a notary?
No, what has that to do with it?
PS: I for one would definately champion rewriting the WebTrust process but this is not the way to do it.
PS: PS: Why not? Go for it. Talk to them. -- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto