On 3/23/2018 11:34 AM, Wayne Thayer wrote: > Recently I've received a few questions about audit requirements for > subordinate CAs newly issued from roots in our program. Mozilla policy > section 5.3.2 requires these to be disclosed "within a week of certificate > creation, and before any such subCA is allowed to issue certificates.", but > says nothing about audits.
"CA" = "certification authority" Do you really mean "subordinate certification authorities newly issued from roots"? If so, what does that mean? Or do you mean "subordinate certificates newly issued from roots"? I do not really want to be picky. However, when dealing with something as important as Internet security, being picky is mandatory. -- David E. Ross <http://www.rossde.com/> President Trump: Please stop using Twitter. We need to hear your voice and see you talking. We need to know when your message is really your own and not your attorney's. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
