Thank you Toria.

On Tue, Sep 11, 2018 at 7:32 AM chenxiaotong--- via dev-security-policy < [email protected]> wrote:

> On Saturday, September 1, 2018 at 7:19:49 AM UTC+8, Wayne Thayer wrote:
> >
> > * The CP/CPS documents contain version histories, but they didn’t describe
> > what changed in each version. SHECA began including this information in the
> > latest versions of these documents.
> >

I confirmed that the current CP/CPS documents now contain full version histories.

> > * The non-EV CP and CPS section 6.1 seem to permit CA generation of key
> > pairs for SSL certificates in violation of section 5.2 of Mozilla policy.
> > SHECA states that they have never generated key pairs for Subscribers and
> > revised this section of the CPS, but my interpretation is that the revision
> > does not forbid SHECA from generating subscriber key pairs.
> >

I am satisfied by the following statement that was added: "For certificates issued by UCA Global G2 Root and UCA Extended Validation Root, SHECA must not generate key pair for subscribers."

> Hello,
>
> SHECA just published the new CP/CPS, which added the changes description
> of all historical versions, as well as stated that for certificates issued
> by UCA Global G2 Root and UCA Extended Validation Root, SHECA must not
> generate key pair for subscribers.
> Please refer to links below for details:
> Non-EV CP
> https://assets-cdn.sheca.com/documents/unitrust-certificate-policy-en-v1.4.1.pdf
> Non-EV CPS
> https://assets-cdn.sheca.com/documents/sheca-certification-practice-statement-en-v3.6.3.pdf
> EV-CP
> https://assets-cdn.sheca.com/documents/unitrust-ev-certificate-policy-en-v1.6.pdf
> EV-CPS
> https://assets-cdn.sheca.com/documents/unitrust-ev-certification-practice-statement-en-v1.4.3.pdf
>
> Thanks.
> Toria Chen
>

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

