Dear Ryan,

You are right. For audit or inclusion maybe it's needed.
I am 100% sure that only users with an auditor attitude are reading our CP or CPSes, none of the customers.

Regards,
Viktor Varga
Netlock

-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+varga.viktor=netlock...@lists.mozilla.org] On Behalf Of Ryan Sleevi
Sent: Tuesday, March 1, 2016 11:10 PM
To: [email protected]
Subject: Re: Policy Update Proposal: Require full CP/CPS in English

On Tuesday, March 1, 2016 at 1:34:49 PM UTC-8, Varga Viktor wrote:
> I just want to ask you, is the PDS not enough for this?
>
> 119411-1 (319411-1) says you need to publish a PKI Disclosure Statement
> (PDS)
> 119411-2 (319411-2) references for certificate profiles the 119412-5
>
> The 119412-5 (319412-5) says in section 5, Requirements on QCStatements in EU
> qualified certificates, in the last row of the table, that you need to have
> a minimum of one reference to an English PDS.
>
> So for qualified certificates it is mandatory, why not extend it for all root
> certs and usages?
>
> I think nearly nobody reads through a CP or CPS, but the PDS gives a reasonable
> view for a customer, and most of the CAs already have it in English.

For matters of inclusion, renewals, or violations, we absolutely read through the CP and CPS quite thoroughly, as these practices are all of direct relevance to the broader Internet community.

To that end, a PDS is frequently insufficient, and only relevant to qualified certificates, which are themselves not something worth emulating :)

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

