On Fri, Nov 20, 2015 at 8:12 AM, Richard Barnes <[email protected]> wrote:

> On Thu, Nov 19, 2015 at 6:22 PM, Matt Palmer <[email protected]> wrote:
>
> > On Thu, Nov 19, 2015 at 05:00:03PM -0800, Kathleen Wilson wrote:
> > > Insert 3rd bullet point:
> > > "- translate into English the Certificate Policy and Certification
> > > Practice Statement documents pertaining to the certificates to be
> > > included and the trust bits to be enabled;"
> > >
> > > I will appreciate recommendations about how to improve this proposed
> > > update.
> >
> > Some wording to require CAs to acknowledge that this translation is not
> > merely informative, but in fact a binding agreement with the Internet
> > community, would be useful.  I can easily imagine a CA claiming, in the
> > event of a breach of the CPS, that the "authoritative" version, in an
> > alternate language, doesn't describe things in quite the same way, and so
> > isn't a breach.
> >
> > > Is this a reasonable requirement to add?
> >
> > I think it is.  The working language of the technical Internet (and
> > this list)
>
>
> The latter is the important thing here: This is the community that is
> evaluating and making decisions based on these documents, so the
> commitments in them need to be intelligible to us.
>
> --Richard
>
>
This is a hard problem, but it cuts both ways.  The community that is
executing the commitments also needs to have intelligible documents
that can be shared and understood among all that could participate
in the process of delivering and protecting certificates.

For this to really work well we should attempt to have good translations
in both directions, understanding that this is hard.

The Airline example is a good one, but these communications have
a critical time constraint.  e.g. I must land my plane now!

With the content we are talking about it's probably more important
to get the content right, and understandable by all parties involved
than it is to do it fast and on a time critical timeline.

It might be worth identifying some sections of the operational
requirements that need to have good translations in order to reduce
the chances of injecting human error due to participants in the process
not understanding and communicating responsibilities correctly.

It's probably these human errors that we've seen show up
that need to have the most attention, and we don't want
the human errors to be compounded by the fact that the
instructions were not in a language that was well understood.

Our Mozilla translation community might also be a helpful part
of this as a sanity check and review to see if the language
in both translation directions is effective and matching
in intent.

-chofmann


>
> > is, for better or worse, English, and ensuring that the core
> > documentation of a CA's agreement with the Internet community is
> > consumable by the largest possible number of interested parties is an
> > important goal.
> >
> > - Matt
> >
> > _______________________________________________
> > dev-security-policy mailing list
> > [email protected]
> > https://lists.mozilla.org/listinfo/dev-security-policy
> >