On 2014-08-27 18:15, Kathleen Wilson wrote:
Based on the discussion so far, I think the answer is that the CAs need
to work with their auditors to create a public-facing audit statement
that does not have information in it that the CA considers sensitive,
but that sufficiently lists the BRs that

On 8/28/2014 9:42 AM, Man Ho (Certizen) wrote:
I think some CAs don't
even want to claim they are CAB/Forum BR compliant, but just want to be
included in all root certificate programs.
What I mean is that some CAs don't want to claim they are CAB/Forum BR
compliant, but committed to conform to

On Thu, Aug 28, 2014 at 02:40:08PM +0800, Man Ho (Certizen) wrote:
On 8/28/2014 9:42 AM, Man Ho (Certizen) wrote:
I think some CAs don't
even want to claim they are CAB/Forum BR compliant, but just want to be
included in all root certificate programs.
What I mean is that some CAs don't

Please see page 7 of ETSI 102 042:
ETSI - Electronic Signature and Infrastructure (ESI) includes in the present
document provisions consistent with the requirements for issuing Extended
Validation Certificates (EVC), as specified in the above mentioned CAB Forum
EVC Guidelines (EVCG [16]) as

On 8/27/14, 9:15 AM, Kathleen Wilson wrote:
Based on the discussion so far, I think the answer is that the CAs need
to work with their auditors to create a public-facing audit statement
that does not have information in it that the CA considers sensitive,
but that sufficiently lists the BRs that

David E. Ross wrote:
With a redacted audit report, the presumption
should be that hidden negative information exists that would disqualify
the certification authority from having its root certificate in the NSS
database if such information were disclosed.
any redaction would imply the

On 8/27/2014 7:11 AM, Jean-Marc Desperrier wrote:
David E. Ross wrote:
With a redacted audit report, the presumption
should be that hidden negative information exists that would disqualify
the certification authority from having its root certificate in the NSS
database if such information

On 8/27/14, 7:11 AM, Jean-Marc Desperrier wrote:
David E. Ross wrote:
With a redacted audit report, the presumption
should be that hidden negative information exists that would disqualify
the certification authority from having its root certificate in the NSS
database if such information

On Thu, Aug 28, 2014 at 09:42:13AM +0800, Man Ho (Certizen) wrote:
Concerning about a list of BRs that the CA is still working to conform
with, I don't think CAs will agree to publish in public for security
reason and also because of business sensitivity. I think some CAs don't
even want to

On Tue, Aug 26, 2014 at 11:35 AM, Kathleen Wilson kwil...@mozilla.com wrote:
I am running into a problem with BR audit statements that list details about
issues that have been found.
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Baseline_Requirements
...The first BR audit for each CA and

On 8/26/14, 12:10 PM, Peter Bowen wrote:
Could you publish a list of BR section numbers which one or more CA is
saying they do not yet comply with, not including any CA names? That
would help determine the scope of the request and provide some
guidance on the possible impact of the

On 8/26/14, 1:14 PM, Chris Palmer wrote:
On Tue, Aug 26, 2014 at 1:09 PM, Kathleen Wilson kwil...@mozilla.com wrote:
BR 9.5 – 1024-bit certs with validity beyond 2013 (in order to support
legacy customer apps)
BR 13.2.6 - OCSP giving status “good” for unknown serial numbers.
BR 16.5 -

On 8/26/14, 1:42 PM, Chris Palmer wrote:
If CAs can't meet the baseline requirements that they themselves
helped set, and prove so to the public, perhaps the current situation
is the end of the road.
Sigh. It'll get better. I can see in those audit statements that the
issues either were

On Tue, Aug 26, 2014 at 1:24 PM, Kathleen Wilson kwil...@mozilla.com wrote:
On Tue, Aug 26, 2014 at 1:09 PM, Kathleen Wilson kwil...@mozilla.com wrote:
BR 9.5 – 1024-bit certs with validity beyond 2013 (in order to support
legacy customer apps)
BR 13.2.6 - OCSP giving status “good” for
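
Added example, not code from the thread or from any CA: a shell script that reproduces two of the BR findings in Kathleen's list (BR 9.5, 1024-bit keys on certificates valid past 2013; BR 13.2.6, an OCSP responder answering "good" for a serial the CA never issued) against a throwaway CA, using only the openssl command-line tool and no network. Everything in it is constructed for the demonstration: the CA, the 1024-bit leaf, the index.txt holding the single issued serial 0x0A1B2C, and the never-issued serial 0xDEADBEEF. The responder is openssl's own one-shot responder, which answers "unknown" for serials not in its index, so the BR 13.2.6 check passes here; the same check would report a failure against a responder that answers "good".

```shell
#!/bin/sh
# Added example (not code from the thread): reproduce two of the BR findings
# listed above against a throwaway CA, using only the openssl CLI.
# Everything here is constructed: the CA, the 1024-bit leaf, the issued
# serial 0x0A1B2C in the responder index, and the never-issued 0xDEADBEEF.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Throwaway issuing CA (2048-bit) and a 1024-bit leaf valid ten years out,
# i.e. the "legacy customer apps" case from BR 9.5.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj /CN=ExampleCA \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
openssl req -x509 -newkey rsa:1024 -nodes -sha256 -days 3650 -subj /CN=legacy-app \
  -keyout "$WORK/leaf.key" -out "$WORK/leaf.crt" >/dev/null 2>&1

# Responder database in the "openssl ca" index.txt format (tab separated:
# status, expiry, revocation date, serial, file, subject). Only one serial
# was ever issued; anything else is unknown to this CA.
ISSUED_SERIAL=0x0A1B2C
UNISSUED_SERIAL=0xDEADBEEF
printf 'V\t301231235959Z\t\t0A1B2C\tunknown\t/CN=issued\n' > "$WORK/index.txt"

# BR 9.5 style check: an RSA key under 2048 bits on a certificate whose
# notAfter lies after 2013 is a finding. Prints a PASS/FAIL verdict line.
check_key_size_and_validity() {
  cert="$1"
  bits="$(openssl x509 -in "$cert" -noout -text \
          | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)"
  # -enddate prints e.g. "notAfter=Dec 31 23:59:59 2025 GMT"; field 4 is the year.
  year="$(openssl x509 -in "$cert" -noout -enddate | awk '{print $4}')"
  if [ "$bits" -lt 2048 ] && [ "$year" -gt 2013 ]; then
    echo "FAIL: ${bits}-bit key with notAfter in $year"
  else
    echo "PASS: ${bits}-bit key with notAfter in $year"
  fi
}

# Ask the CA's OCSP responder about one serial, entirely offline: build a
# request file, answer it in openssl's one-shot responder mode, verify the
# response against the CA, and print the certificate status
# (good / revoked / unknown). Nonces are disabled because the response is
# verified in a separate invocation that would otherwise generate a new one.
ocsp_status() {
  serial="$1"
  openssl ocsp -issuer "$WORK/ca.crt" -serial "$serial" -no_nonce \
    -reqout "$WORK/req.der" >/dev/null 2>&1
  openssl ocsp -index "$WORK/index.txt" -CA "$WORK/ca.crt" \
    -rsigner "$WORK/ca.crt" -rkey "$WORK/ca.key" \
    -reqin "$WORK/req.der" -respout "$WORK/resp.der" >/dev/null 2>&1
  openssl ocsp -respin "$WORK/resp.der" -issuer "$WORK/ca.crt" -serial "$serial" \
    -no_nonce -CAfile "$WORK/ca.crt" 2>/dev/null \
    | awk -v s="$serial" -F': ' '$1 == s { print $2 }'
}

# BR 13.2.6 style check: a serial this CA never issued must not come back
# "good". A compliant responder (openssl's, here) answers "unknown".
check_unknown_serial_handling() {
  status="$(ocsp_status "$UNISSUED_SERIAL")"
  if [ "$status" = "good" ]; then
    echo "FAIL: responder reports good for unissued serial $UNISSUED_SERIAL"
  else
    echo "PASS: responder reports $status for unissued serial $UNISSUED_SERIAL"
  fi
}

check_key_size_and_validity "$WORK/leaf.crt"
echo "issued serial $ISSUED_SERIAL: $(ocsp_status "$ISSUED_SERIAL")"
check_unknown_serial_handling
```

To run the same BR 13.2.6 probe against a live responder, replace the three offline invocations in ocsp_status with a single `openssl ocsp -issuer <issuer.pem> -serial <serial> -url <responder URL> -CAfile <chain.pem>` and keep the awk parsing; the point of the check is unchanged: a serial the CA cannot have issued must not be reported as "good".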

Hi Kathleen,
My take on this is that any information that is relevant to a CA's
conformance (or lack thereof) with the BRs (or any other part of Mozilla's
inclusion criteria) needs to be disclosed to those who are passing judgment
on the suitability of the CA for inclusion in the Mozilla trust

On Tue, Aug 26, 2014 at 5:18 PM, Matt Palmer mpal...@hezmatt.org wrote:
On an unrelated point, I'd like to thank you, Kathleen, for the work you do
in this area. Going over the minutiae of audit reports can't be a
particularly fun job, but it *is* a very necessary one, so thanks for being