Ryan Sleevi wrote:
Under the current inclusion policies, what would prohibit Honest Achmed's Used CA from offering code-signing or email certificates? Achmed would need an audit - under either ETSI TS 101 456 v1.4.3 with QCP, WebTrust "Principles and Criteria for Certification Authorities 2.0", or ISO 21188:2006.
[...]
Would Achmed need to stand up a CRL service? No. OCSP? Nope. Achmed could get by with no revocation services. They could charge to download their root certificates, or to even find out if a certificate has been revoked. Achmed could be offline 99% of the time, and they'd still be abiding by Mozilla's policies. Achmed could regularly misissue certificates,
No, they would not abide by Mozilla's policies, because they would violate the requirements set forth by the audit schemes.
Juergen
_______________________________________________
dev-security-policy mailing list
https://lists.mozilla.org/listinfo/dev-security-policy

