On Fri, Jan 12, 2018 at 2:27 PM, Wayne Thayer via dev-security-policy < [email protected]> wrote:
> On Thursday, June 1, 2017 at 5:03:15 PM UTC-7, Kathleen Wilson wrote: > > On Friday, May 26, 2017 at 9:32:57 AM UTC-7, Kathleen Wilson wrote: > > > On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson > wrote: > > > All, > > > > > > I requested that this CA perform a BR Self Assessment, and they have > attached their completed BR Self Assessment to the bug here: > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1065896#c30 > > > > > > Aaron has reviewed and verified the BR Self Assessment. > > > > > > Therefore, I plan to approve this request from the Government of > Taiwan (GRCA) to include their "Government Root Certification Authority" > root certificate, and turn on the Websites and Email trust bits, and > constrain this root to *.tw. > > > > > > If there are no further concerns, then I will close this discussion > and recommend approval in the bug. > > > > > > > After further consideration, I have decided to wait for the CA to > provide their updated CP/CPS that will address all of the shortcomings that > they noted in their BR Self Assessment that they plan to fix in the next > version of their CP/CPS. > > > > So, this discussion will be on hold again until I have received and > reviewed their updated CP/CPS documents. > > We have received the updated CP/CPS and have received and verified the > most recent audits for this CA. Since we haven't yet implemented the > changes to our inclusion process proposed by Kathleen a few days ago, I am > now restarting discussion on this request, and I will post my comments once > the CP/CPS review is completed. > > I plan to recommend that the XCA, MOICA, and MOEACA sub-CAs be added to > OneCRL because they are neither technically constrained or BR audited. > Has any consideration been given to adopt a similar policy as discussed with the Government of Korea application - https://bugzilla.mozilla.org/show_bug.cgi?id=1226100#c38 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
