On 4/8/2014 1:25 PM, Kathleen Wilson wrote:
I'm still conflicted about whether a Super-CA can audit their
subordinate CAs. And if they can, then what assurances do we have that
the audit was done in an unbiased manner and according to the criteria
that we require.
I expressed the same
On Tue, Apr 08, 2014 at 03:34:13PM -0700, Kathleen Wilson wrote:
But I know that we already have such super CAs in the root program
now. From the top of my head:
- UTN UserFirst signs Gandi
- CyberTrust Global signs the Belgian government CA
- GeoTrust gives google a CA
- Baltimore
The first discussion of this request was here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/DYrrxCsD6CA/9y8a5NnshRgJ
The discussion was closed because one of the root certificates under
consideration had been recently created and not audited. WoSign has
determined that they would
3 matches
Mail list logo