I would like to discuss this proposal[1] next:
- (D26) Add a requirement for CAs to provide English-translated versions
of their complete CP / CPS
I think we would have to narrow it down a bit, because some CAs have
several CP/CPS documents for their various product offerings, not
related to SSL or S/MIME certs.
So, how about if we add a bullet point to section 6 of the Inclusion
policy, which currently starts as follows.
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
~~
6. We require that all CAs whose certificates are distributed with our
software products:
- provide some service relevant to typical users of our software products;
- publicly disclose information about their policies and business
practices (e.g., in a Certificate Policy and Certification Practice
Statement);
~~
Insert 3rd bullet point:
"- translate into English the Certificate Policy and Certification
Practice Statement documents pertaining to the certificates to be
included and the trust bits to be enabled;"
I will appreciate recommendations about how to improve this proposed update.
Is this a reasonable requirement to add?
Are there any arguments against adding this requirement that we should
consider?
Thanks,
Kathleen
[1] https://wiki.mozilla.org/CA:CertificatePolicyV2.3
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
