Re: Question about BR Commitment to Comply

2015-02-05 Thread Man Ho (Certizen)
On 2/4/2015 10:27 PM, Kurt Roeckx wrote: > So maybe the CP/CPS should indicate what the version is they comply > with, and update it on regular basis? Or maybe just say that they will > follow the updates? Since Mozilla's CP requires CA to submit audit report annually, the CA's assertion of compl

Re: Question about BR Commitment to Comply

2015-02-04 Thread Kurt Roeckx
On 2015-02-04 14:55, Man Ho (Certizen) wrote: But making a statement in CP/CPS means that CA "has already complied" with the "latest version" of BRs. In other words, CA has already complied with all potential changes of BRs at all time. Such statement could be a false statement when the "latest v

Re: Question about BR Commitment to Comply

2015-02-04 Thread Man Ho (Certizen)
On 2/4/2015 6:08 PM, Gervase Markham wrote: > They are not refusing to comply, they > just want to change the location of the compliance statement. In practice, Webtrust BR audit report requires the CA's assertion of compliance with BRs. It is a proper place to make the compliance statement becau

Re: Question about BR Commitment to Comply

2015-02-04 Thread Gervase Markham
On 28/01/15 22:49, Kathleen Wilson wrote: > I have been asked if a CA can have their Webtrust audit statement > indicate their commitment to comply with the BRs, rather than putting > the commitment to comply statement in the CP/CPS. > Here are the reason: > > 1) We are not a member of CAB/Forum

Re: Question about BR Commitment to Comply

2015-02-01 Thread Man Ho (Certizen)
On 1/31/2015 3:42 AM, Jeremy Rowley wrote: > Snipped to try and make the convo less confusing. > > [MH] If that's the case, the trustworthiness of a Webtrust audit would be > weakened. Auditors should obtain the CA's assertion of compliance, and assess > whether it's reasonable with respect to

RE: Question about BR Commitment to Comply

2015-01-30 Thread Jeremy Rowley
Snipped to try and make the convo less confusing. [MH] If that's the case, the trustworthiness of a Webtrust audit would be weakened. Auditors should obtain the CA's assertion of compliance, and assess whether it's reasonable with respect to the CA's CP/CPS and the target scope of audit (i.e.

Re: Question about BR Commitment to Comply

2015-01-30 Thread Man Ho (Certizen)
On 1/30/2015 5:59 AM, Jeremy Rowley wrote: >> Some initial thoughts: >> >> 1) Membership in the CAB Forum is not required for a CA to commit to >> complying with the BR, and if non-membership avoids any obligation to comply >> with the BRs, I think you'll quickly see a mass exodus from the group

RE: Question about BR Commitment to Comply

2015-01-29 Thread Jeremy Rowley
Kurt said "I think that the webtrust audit is also based on a certain version of the BR and that they might not have been updated yet to check the latest version. So I think the audit report should indicate which version was checked. If an audit was not for the last version that doesn't mean C

RE: Question about BR Commitment to Comply

2015-01-29 Thread Jeremy Rowley
> Some initial thoughts: > > 1) Membership in the CAB Forum is not required for a CA to commit to > complying with the BR, and if non-membership avoids any obligation to comply > with the BRs, I think you'll quickly see a mass exodus from the group. No > member of the CAB Forum is bound to its

Re: Question about BR Commitment to Comply

2015-01-29 Thread Kurt Roeckx
On 2015-01-28 23:49, Kathleen Wilson wrote: All, https://wiki.mozilla.org/CA:BaselineRequirements Currently says: "The CA's CP or CPS documents must include a commitment to comply with the BRs, as described in BR section 8.3." section 8.3 says: | The CA SHALL publicly give effect to these Requ

Re: Question about BR Commitment to Comply

2015-01-29 Thread Man Ho (Certizen)
> -Original Message- > From: dev-security-policy > [mailto:dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org] > On Behalf Of Kathleen Wilson > Sent: Wednesday, January 28, 2015 3:49 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Ques

Re: Question about BR Commitment to Comply

2015-01-28 Thread Matt Palmer
Hi Kathleen, On Wed, Jan 28, 2015 at 02:49:22PM -0800, Kathleen Wilson wrote: > https://wiki.mozilla.org/CA:BaselineRequirements > Currently says: "The CA's CP or CPS documents must include a commitment to > comply with the BRs, as described in BR section 8.3." > > I have been asked if a CA can h

RE: Question about BR Commitment to Comply

2015-01-28 Thread Jeremy Rowley
n to this simple requirement is a mistake. Jeremy -Original Message- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert@lists.mozilla.org] On Behalf Of Kathleen Wilson Sent: Wednesday, January 28, 2015 3:49 PM To: mozilla-dev-security-pol...@lists

Question about BR Commitment to Comply

2015-01-28 Thread Kathleen Wilson
All, https://wiki.mozilla.org/CA:BaselineRequirements Currently says: "The CA's CP or CPS documents must include a commitment to comply with the BRs, as described in BR section 8.3." I have been asked if a CA can have their Webtrust audit statement indicate their commitment to comply with the