Re: Question about BR Commitment to Comply

2015-02-05 Thread Man Ho (Certizen)
On 2/4/2015 10:27 PM, Kurt Roeckx wrote: So maybe the CP/CPS should indicate what the version is they comply with, and update it on a regular basis? Or maybe just say that they will follow the updates? Since Mozilla's CP requires CAs to submit an audit report annually, the CA's assertion of

Re: Question about BR Commitment to Comply

2015-02-04 Thread Kurt Roeckx
On 2015-02-04 14:55, Man Ho (Certizen) wrote: But making a statement in the CP/CPS means that the CA has already complied with the latest version of the BRs. In other words, the CA has already complied with all potential changes of the BRs at all times. Such a statement could be a false statement when the latest

Re: Question about BR Commitment to Comply

2015-02-01 Thread Man Ho (Certizen)
On 1/31/2015 3:42 AM, Jeremy Rowley wrote: Snipped to try and make the convo less confusing. [MH] If that's the case, the trustworthiness of a Webtrust audit would be weakened. Auditors should obtain the CA's assertion of compliance, and assess whether it's reasonable with respect to the

RE: Question about BR Commitment to Comply

2015-01-30 Thread Jeremy Rowley
Snipped to try and make the convo less confusing. [MH] If that's the case, the trustworthiness of a Webtrust audit would be weakened. Auditors should obtain the CA's assertion of compliance, and assess whether it's reasonable with respect to the CA's CP/CPS and the target scope of audit (i.e.

Re: Question about BR Commitment to Comply

2015-01-30 Thread Man Ho (Certizen)
On 1/30/2015 5:59 AM, Jeremy Rowley wrote: Some initial thoughts: 1) Membership in the CAB Forum is not required for a CA to commit to complying with the BR, and if non-membership avoids any obligation to comply with the BRs, I think you'll quickly see a mass exodus from the group. No

RE: Question about BR Commitment to Comply

2015-01-29 Thread Jeremy Rowley
Some initial thoughts: 1) Membership in the CAB Forum is not required for a CA to commit to complying with the BR, and if non-membership avoids any obligation to comply with the BRs, I think you'll quickly see a mass exodus from the group. No member of the CAB Forum is bound to its

RE: Question about BR Commitment to Comply

2015-01-29 Thread Jeremy Rowley
Kurt said I think that the webtrust audit is also based on a certain version of the BR and that they might not have been updated yet to check the latest version. So I think the audit report should indicate which version was checked. If an audit was not for the last version that doesn't mean

Question about BR Commitment to Comply

2015-01-28 Thread Kathleen Wilson
All, https://wiki.mozilla.org/CA:BaselineRequirements Currently says: The CA's CP or CPS documents must include a commitment to comply with the BRs, as described in BR section 8.3. I have been asked if a CA can have their Webtrust audit statement indicate their commitment to comply with the

RE: Question about BR Commitment to Comply

2015-01-28 Thread Jeremy Rowley
-Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org] On Behalf Of Kathleen Wilson Sent: Wednesday, January 28, 2015 3:49 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Question about BR Commitment

Re: Question about BR Commitment to Comply

2015-01-28 Thread Matt Palmer
Hi Kathleen, On Wed, Jan 28, 2015 at 02:49:22PM -0800, Kathleen Wilson wrote: https://wiki.mozilla.org/CA:BaselineRequirements Currently says: The CA's CP or CPS documents must include a commitment to comply with the BRs, as described in BR section 8.3. I have been asked if a CA can have