On 16/01/2017 12:31, Gervase Markham wrote:
On 13/01/17 02:00, Ryan Sleevi wrote:
Suggestion: "List of CA policy documents _and versions_"
Yes, good idea.
Gerv
How about "_and versions and strong (>= 256 bits) hashes_",
given recent confusion about CP/CPS translation change procedures at at
least one candidate CA (Note that I deliberately don't tie this to a
single hash standard, any actually secure hash algorithm with that many
bits should withstand non-quantum attacks for the foreseeable future).
An auditor qualified to inspect CA operations should have no problem
generating such hashes for the documents audited, and a future update
of the Mozilla "CA community portal" might include a script that checks
these hashes while archiving the CP/CPS documents.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
