On 20/03/2018 20:55, Tim Hollebeek wrote:
The BRs already cover this. The point is that once a CA stops
auditing, there's an issue about ensuring conformance.
Actually, they don't. They have an empty placeholder section for wind down
procedures. Surely one could blindly apply the full BRs to the situation,
which
I am arguing against.
The reason the placeholder is there is because we discussed wind down
procedures in the policy working group, and decided that all bets were off
at that point and there wasn't anything useful one could say about the
situation in general.
A CA can have assurances about what it would do in such a situation, but
smart individuals might intelligently question whether it would ever be
possible to rely on such assurances, short of some sort of contractual
obligation with the CA.
And even in the event you have such a favorable contractual obligation,
you're still likely to find yourself in a bad place.
Basically, once the audits cease, all bets are off. One could speculate the
same is probably true up to one year prior to cessation of audits.
Which is precisely why I suggested ongoing audits of compliance with
wind down procedures (such as maintaining private key protection and
some auditable technical mechanism to prevent/detect issuance).
But the auditing of issuance procedures when 0 certs issued would be
pretty trivial (audit that 0 were issued, and maybe add stub text saying
that 100% of 0 were proper and not misissued). Thus it would make sense
to have a simplified audit report template for this.
Similarly, other procedures can be simplified once there is audited
assurance that nothing will be issued. For example no need to answer
questions about issuance procedures.
From another post today, it seems that Turktrust's audit of no issuance
(technically a full audit) is overdue, which is clearly a problem.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy