The proposal is to require that all CP and CPS documents be provided in English, in addition to whatever original language they were written in. The reason for this is that the working language of the Mozilla root program is English, and Mozilla's root program staff cannot be expected to read the operating language of every CA. In addition, English is the lingua franca of the internet and making sure the documents are in English gives many more relying parties an opportunity to evaluate the practices of a CA.
The Github issue suggests including this in the main root store policy; however, perhaps it makes more sense to make it a requirement in the Mozilla CCADB policy, because the CCADB policy deals with the provision of audit documents. A similar proposal was previously discussed in m.d.s.policy and achieved a reasonable amount of support, although questions remain outstanding about how authoritative we should require the English version to be. https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/zCrSaJSHEwQ/_w0hOujsBwAJ There is also an open question about whether we require full translations to be provided only on inclusion, or whether we require them to be provided on an ongoing basis. I am in favour of the latter, for reasons outlined in the Github issue. So the draft text might be something like: "CAs must provide English versions of all Certificate Policy and Certification Practice Statement documents, with version numbers matching the document they are a translation of. The English version is not required to be authoritative in cases of dispute, but the CA must attest that the translation is not materially different to the original." We might need to update the CCADB to have fields for URLs for both the original language version and the English language version of each document. This is: https://github.com/mozilla/pkipolicy/issues/6 ------- This is a proposed update to Mozilla's root store policy for version 2.4. Please keep discussion in this group rather than on Github. Silence is consent. Policy 2.3 (current version): https://github.com/mozilla/pkipolicy/blob/2.3/rootstore/policy.md Update process: https://wiki.mozilla.org/CA:CertPolicyUpdates _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
