On 02/13/2009 09:37 PM, kathleen95...@yahoo.com:
The summary of the action items resulting from this first public
discussion is as follows.
A publicly available document that is evaluated as part of the annual
audit needs to be provided, and it must include information that
satisfies section 7, parts a, b, and c of the Mozilla CA Certificate
Policy at http://www.mozilla.org/projects/security/certs/policy/.
This document also needs to address the potentially problematic
practices as per https://wiki.mozilla.org/CA:Problematic_Practices.
Certigna’s CPS contains sensitive information that cannot be posted
publicly at this time. As such, the following possible solutions are
recommended:
1) Publish a version of the CPS with the confidential material
redacted.
2) Publish just those portions of the CPS that address the items noted
above, and have your auditor confirm to us that the sections provided
are from the CPS that was referenced in your audit.
This concludes the first public discussion about Certigna’s request to
add one new root CA certificate to the Mozilla root store. This
summary of action items will also be posted in the bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=393166
Kathleen, can you re-post this summary once again but under the subject
"Re: Certigna Root Inclusion Request"? By mistake you posted it under a
different thread and subject. Thanks a lot!
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
