On Monday, February 13, 2017 at 3:14:06 PM UTC-8, Santhan Raj wrote:
> On Monday, February 13, 2017 at 4:22:34 AM UTC-8, Gervase Markham wrote:
> >
> > That is why, despite some IPR-related tangles, Mozilla will be requiring
> > in its next CA Communication that all CAs move to using only those
> > documented methods in a fairly short timeframe, regardless of what the
> > BRs say. CAs may wish to not wait for that communication to arrive
> > before starting to adapt their systems.
>
> Grev,
>
> One thing to highlight here is that the WebTrust audits are performed against
> the BRs and not against the root program requirements. I.e., unless ballot
> 169 makes it to the BRs, a (naughty) CA may still choose to use "any other
> method" and it will not be flagged in the audit report, provided they
> disclose as such in the CP/CPS. This means Mozilla will have to review
> (each) CA's CP/CPS to determine whether it validates _only_ using methods
> specified in "the documented methods" and will have to do so for each CP/CPS
> update. So hopefully 169 makes its way to BR soon.
>
> -Santhan

And sorry I misspelled your name!!!

