On Thu, Nov 19, 2015 at 6:22 PM, Matt Palmer <[email protected]> wrote:
> On Thu, Nov 19, 2015 at 05:00:03PM -0800, Kathleen Wilson wrote: > > Insert 3rd bullet point: > > "- translate into English the Certificate Policy and Certification > Practice > > Statement documents pertaining to the certificates to be included and the > > trust bits to be enabled;" > > > > I will appreciate recommendations about how to improve this proposed > update. > > Some wording to require CAs to acknowledge that this translation is not > merely informative, but in fact a binding agreement with the Internet > community, would be useful. I can easily imagine a CA claiming, in the > event of a breach of the CPS, that the "authoritative" version, in an > alternate language, doesn't describe things in quite the same way, and so > isn't a breach. > > > Is this a reasonable requirement to add? > > I think it is. The working language of the technical Internet (and this > list) The latter is the important thing here: This is the community that is evaluating and making decisions based on these documents, so the commitments in them need to be intelligible to us. --Richard > is, for better or worse, English, and ensuring that the core > documentation of a CA's agreement with the Internet community is consumable > by the largest possible number of interested parties is an important goal. > > - Matt > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
