Policy 2.7.1: Process Overview

2020-11-09 Thread Ben Wilson via dev-security-policy
Re-posting this email to start it with its own subject line and to start a new thread: There have been questions about the process being followed and the comment period. Here is where it now stands. I intend to introduce the remaining discussion topics over the next three weeks. I did not

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Ryan Sleevi via dev-security-policy
On Mon, Nov 9, 2020 at 11:53 AM Clemens Wanko via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Ryan, hi all, > well, isn’t the point to make here just, that there are multiple ways to > ensure proper auditor qualification? No matter which way you like to go > however,

Re: NAVER: Public Discussion of Root Inclusion Request

2020-11-09 Thread Ben Wilson via dev-security-policy
Step 6 of CA Application Process : *Summary of Discussion and Resulting Decision:* One commenter stated that it appeared that a few certificates were misissued, i.e. that the stateOrProvinceName field (“S” field) should probably be the

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Dimitris Zacharopoulos via dev-security-policy
On 7/11/2020 3:12 μ.μ., Ryan Sleevi wrote: On Sat, Nov 7, 2020 at 4:52 AM Dimitris Zacharopoulos mailto:ji...@it.auth.gr>> wrote: I will try to further explain my thoughts on this. As we all know, according to Mozilla Policy "CAs MUST follow and be aware of discussions in the

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Clemens Wanko via dev-security-policy
Hi Ryan, hi all, well, isn’t the point to make here just, that there are multiple ways to ensure proper auditor qualification? No matter which way you like to go however, you must define the details of your regime: what is the criteria you require the auditor to fulfill, how do you organize

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Ben Wilson via dev-security-policy
Hi Dimitris, I intend to introduce the remaining discussion topics over the next three weeks. I did not announce an end to the discussion period on purpose, so that we can have as full of a discussion as possible. Also, in the next three weeks, I intend to start summarizing the discussions and

Re: Policy 2.7.1: MRSP Issue #192: Require information about auditor qualifications in the audit report

2020-11-09 Thread Dimitris Zacharopoulos via dev-security-policy
Thank you Ben, this is really helpful. Dimitris. On 2020-11-09 6:52 μ.μ., Ben Wilson via dev-security-policy wrote: Hi Dimitris, I intend to introduce the remaining discussion topics over the next three weeks. I did not announce an end to the discussion period on purpose, so that we can have