> pzb: According to the opinion letter: > "followed the CA key generation and security requirements in its: > Google Internet Authority G2 CPS v1.4" (hyperlink omitted)
> According to that CPS, "Key Pairs for the Google Internet Authority > are generated and installed in accordance with the contract between > Google and GeoTrust, Inc., the Root CA." > Are you asserting that the authority for the key generation process > the new Google roots is "the contract between Google and GeoTrust, > Inc."? No, that is not the intent of that statement, it is a good catch. This is simply a poorly worded statement. To clarify our acquisition of these keys and certificates are independent of our agreement with GeoTrust, Inc. The Intent of that statement is to say that the technical requirements of that contract, which in essence refer to meeting the WebTrust requirements, were followed. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
