On 8/26/15 11:56 AM, Kathleen Wilson wrote:
On 8/26/15 12:37 AM, Steve Roylance wrote:
Hi Kathleen,
In a meeting with our compliancy team today we were looking in detail
at the
processes we use to map the various rule sets to each other and to our CP
and CPS.
The recent changes by the CABForum to align Baseline Requirements to RFC
3647 has significantly improved the efficiency of the verification
process
for GlobalSign and our auditors.
Is there a possibility that Mozilla could look to align their policy
to RFC
too? I realize that would be a herculean effort, but it would be an
effort once rather than in reverse for each CA each time the rules change
and or a new CA appears. In effect we would have alignment
horizontally as
follows:-
RFC Section XX | Simple text on what the key elements are for XX |
CP |
CPS | Baseline Requirements | Mozilla Policy | (Future (EV
Requirements) | (Future) - Microsoft Requirements etc) | (Future) -
Apple needs etc) | Other etc
I am not opposed to doing that, and I would like to here what others
think of this idea.
However, I would like to release version 2.4 first, before embarking on
that effort (if everyone thinks we should do the re-alignment project).
Kathleen
correction:
I would like to *hear* what others think of this idea.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
