On Thu, Aug 28, 2014 at 02:40:08PM +0800, Man Ho (Certizen) wrote: > On 8/28/2014 9:42 AM, Man Ho (Certizen) wrote: > > I think some CAs don't > > even want to claim they are CAB/Forum BR compliant, but just want to be > > included in all root certificate programs. > > What I mean is that some CAs don't want to claim they are CAB/Forum BR > compliant, but committed to conform to it in order to be included in all > root certificate programs. They just don't bother to publicly claim that > they have any connection with CAB/Forum.
I don't believe a CA has to claim any connection with the CA/B Forum. They merely have to assert (and have that assertion supported by an audit finding) that they're compliant with either the WebTrust criteria (which are based off the CA/B Forum requirements), or one of a couple of ETSI standards (which, I believe, aren't). - Matt -- "I invented the term object-oriented, and I can tell you I did not have C++ in mind." -- Alan Kay _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
