On 6/01/13 09:48 AM, Ryan Sleevi wrote:
Perhaps it's this kind of thinking that leads to failed audits :)
It will, it does, and the information is readily available from the
previous post.
https://www.cabforum.org/Baseline_Requirements_V1_1.pdf Sections 14
through 16
Additionally, https://www.cabforum.org/Network_Security_Controls_V1.pdf
describes a series of controls jointly developed by the browsers and CAs.
Ryan, that's not true. I know it is easy to market the organsation as
being open and friendly, but some of us weren't born last night.
I think the truth is that it was developed by CABForum participants. In
private. Right? And then announced it to the world here:
12 - June -2012 -- Today, the CA/Browser Forum released a
draft "Network and Certificate System Security Requirements"
for public review, comment, and discussion. Comments may be
submitted through Friday, 22 June 2012
https://cabforum.org/pipermail/public/2012-June/000114.html
Right? Truth is important, right? So faith in the product has a
foundation?
CABForum participants are on record on that date to push a new
unreleased standard onto the world through Mozilla's public theater with:
10 days of public comment?
Right?
For the record: when was that document first worked on in CABForum?
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography