kathleen95...@yahoo.com wrote:
The summary of the action items resulting from this first public
discussion is as follows.
A publicly available document that is evaluated as part of the annual
audit needs to be provided, and it must include information that
satisfies section 7, parts a, b, and c of the Mozilla CA Certificate
Policy at http://www.mozilla.org/projects/security/certs/policy/.
This document also needs to address the potentially problematic
practices as per https://wiki.mozilla.org/CA:Problematic_Practices.
Certigna’s CPS contains sensitive information that cannot be posted
publicly at this time. As such, the following possible solutions are
recommended:
1) Publish a version of the CPS with the confidential material
redacted.
2) Publish just those portions of the CPS that address the items
noted
above, and have your auditor confirm to us that the sections provided
are from the CPS that was referenced in your audit.
Kathleen, as I understand it, Yannick Leplard of Certigna has proposed
doing option 2 above, and that would be acceptable to us as far as I'm
concerned.
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
