On 6/01/13 09:48 AM, Ryan Sleevi wrote:

  Perhaps it's this kind of thinking that leads to failed audits :)

It will, it does, and the information is readily available from the
previous post.

https://www.cabforum.org/Baseline_Requirements_V1_1.pdf Sections 14
through 16

Additionally, https://www.cabforum.org/Network_Security_Controls_V1.pdf
describes a series of controls jointly developed by the browsers and CAs.

Ryan, that's not true. I know it is easy to market the organsation as being open and friendly, but some of us weren't born last night.

I think the truth is that it was developed by CABForum participants. In private. Right? And then announced it to the world here:

   12 - June -2012  -- Today, the CA/Browser Forum released a
   draft "Network and Certificate System Security Requirements"
   for public review, comment, and discussion.  Comments may be
   submitted through Friday, 22 June 2012


Right? Truth is important, right? So faith in the product has a foundation?

CABForum participants are on record on that date to push a new unreleased standard onto the world through Mozilla's public theater with:

      10 days of public comment?


For the record:   when was that document first worked on in CABForum?

cryptography mailing list

Reply via email to