On 11/19/2015 5:00 PM, Kathleen Wilson wrote: > I would like to discuss this proposal[1] next: > > - (D26) Add a requirement for CAs to provide English-translated versions > of their complete CP / CPS > > I think we would have to narrow it down a bit, because some CAs have > several CP/CPS documents for their various product offerings, not > related to SSL or S/MIME certs. > > So, how about if we add a bullet point to section 6 of the Inclusion > policy, which currently starts as follows. > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ > ~~ > 6. We require that all CAs whose certificates are distributed with our > software products: > - provide some service relevant to typical users of our software products; > - publicly disclose information about their policies and business > practices (e.g., in a Certificate Policy and Certification Practice > Statement); > ~~ > > Insert 3rd bullet point: > "- translate into English the Certificate Policy and Certification > Practice Statement documents pertaining to the certificates to be > included and the trust bits to be enabled;" > > I will appreciate recommendations about how to improve this proposed update. > > Is this a reasonable requirement to add? > > Are there any arguments against adding this requirement that we should > consider? > > > Thanks, > Kathleen > > [1] https://wiki.mozilla.org/CA:CertificatePolicyV2.3 >
Note: Airline pilots and air-traffic controllers involved with international flights are required to be sufficiently proficient in English so that all air-traffic control communications are in English. Thus, while this requirement for CP/CPS might seem ethnocentric, it has a precedent. How about: > - provide authoritative, binding English translations of the > Certificate Policy and Certification Practice Statement documents > pertaining to the certificates to be included and the trust bits to > be enabled; -- David E. Ross The Crimea is Putin's Sudetenland. The Ukraine will be Putin's Czechoslovakia. See <http://www.rossde.com/editorials/edtl_PutinUkraine.html>. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
