On Tuesday, March 1, 2016 at 1:34:49 PM UTC-8, Varga Viktor wrote: > I just want to ask you, is not the PDS is enough for this? > > 119411-1 (319411-1) says you need publish PKI Disclosure Staetement (PDS) > 119411-2 (319411-2) refences for certificate profiles the 119412-5 > > The 119412-5 (319412-5) says in section 5 Requirements on QCStatements in EU > qualified certificates in the last row of the table, that you need to have > minimum one ereference to an english PDS. > > So for qualified certificates are mandatory why dont extend it for all root > certs and usages? > > I think nearly nobody reads trough a CP or CPS, but the PDS gives reasonably > view for a customer, and most of the CAs already have it in english.
For matters of inclusion, renewals, or violations, we absolutely read through the CP and CPS quite thoroughly, as these practices are all of direct relevance to the broader Internet community. To that end, a PDS is frequently insufficient, and only relevant to qualified certificates, which are themselves not something worth emulating :) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
