Hi Kathleen,

In a meeting with our compliancy team today we were looking in detail at the processes we use to map the various rule sets to each other and to our CP and CPS. The recent changes by the CABForum to align Baseline Requirements to RFC 3647 have significantly improved the efficiency of the verification process for GlobalSign and our auditors.

Is there a possibility that Mozilla could look to align their policy to RFC too? I realize that would be a herculean effort, but it would be an effort once rather than in reverse for each CA each time the rules change and/or a new CA appears. In effect we would have alignment horizontally as follows:

RFC Section XX | Simple text on what the key elements are for XX | CP | CPS | Baseline Requirements | Mozilla Policy | (Future (EV Requirements) | (Future) - Microsoft Requirements etc) | (Future) - Apple needs etc) | Other etc

I added the "Simple text" section as I think it would be good to establish to all parties what each RFC section needs in simple 'Plain English' terms. This would help CP and CPS authors and reviewers alike to ensure they addressed those needs in full. This would certainly help all non-English speaking CAs and reviewers. Eventually the simple text portion 'could' be translated to add further clarity.

i.e. Bringing order to the galaxy ;-)

Kind Regards

Steve Roylance

