I agree with Steve. Being able to compare CP documents readily is the point behind the 3647 format. We converted the BRs to 3647 so members can compare their CPS side-by-side with the BRs and see where there is a deficiency. Comparing the Mozilla policy in a 3647 would make the CPS reviews and compliance monitoring a LOT easier.
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org] On Behalf Of Kathleen Wilson Sent: Wednesday, August 26, 2015 12:59 PM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Mozilla Policy - Suggestion for the future On 8/26/15 11:56 AM, Kathleen Wilson wrote: > On 8/26/15 12:37 AM, Steve Roylance wrote: >> Hi Kathleen, >> >> >> >> In a meeting with our compliancy team today we were looking in detail >> at the processes we use to map the various rule sets to each other >> and to our CP and CPS. >> >> The recent changes by the CABForum to align Baseline Requirements to >> RFC >> 3647 has significantly improved the efficiency of the verification >> process for GlobalSign and our auditors. >> >> >> >> Is there a possibility that Mozilla could look to align their policy >> to RFC >> too? I realize that would be a herculean effort, but it would be an >> effort once rather than in reverse for each CA each time the rules >> change and or a new CA appears. In effect we would have alignment >> horizontally as >> follows:- >> >> >> >> RFC Section XX | Simple text on what the key elements are for XX | >> CP | CPS | Baseline Requirements | Mozilla Policy | (Future (EV >> Requirements) | (Future) - Microsoft Requirements etc) | (Future) - >> Apple needs etc) | Other etc >> > > > > I am not opposed to doing that, and I would like to here what others > think of this idea. > > However, I would like to release version 2.4 first, before embarking on > that effort (if everyone thinks we should do the re-alignment project). > > Kathleen > correction: I would like to *hear* what others think of this idea. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
