I appreciate your patience and continued feedback as we work together to get this all correct and usable.
https://wiki.mozilla.org/CA/Root_Inclusion_Considerations I have incorporated recent feedback as follows. - Changed “network surveillance…” to: network surveillance <https://en.wikipedia.org/wiki/Computer_and_network_surveillance#Network_surveillance> that intercepts/manipulates traffic or collects private information about a person or organization and sends it to another entity without the permission of the person or organization, or in a way that endangers the privacy or device security of the person or organization - Changed “cyber espionage …” to: cyber espionage <https://en.wikipedia.org/wiki/Cyber_spying> that aims to obtain private information from a person or organization without the knowledge or permission of the person or organization for personal, economic, political or military advantage. - Changed “Deliberately violated Mozilla's Root Store Policy …” to: Deliberately violated the version of Mozilla's Root Store Policy or other applicable policy that was in effect at the time that the violation occurred - Under “The CA operator appears to have:” added: Made intentionally deceptive or recklessly misleading claims relating to operation of the CA or the use of its certificates - Changed “The CA's representatives are not fully transparent on matters such as legal domicile and ownership.” to: The CA's representatives are not fully transparent on matters such as legal domicile and Control. -- "Control" (and its correlative meanings, "controlled by" and "under common control with") means possession, directly or indirectly, of the power to: (1) direct the management, personnel, finances, or plans of such entity; (2) control the election of a majority of the directors ; or (3) vote that portion of voting shares required for "control" under the law of the entity's Jurisdiction of Incorporation or Registration but in no case less than 10%. - Changed “Fails to provide prompt and detailed responses to Mozilla inquiries…” to: Fails to provide prompt, detailed, public, and transparent responses to Mozilla inquiries about their CA operations, root inclusion requests, policy documents, audit statements, and incidents. - Changed “Has non-contiguous audit periods” to: Has non-contiguous audit periods; meaning that there is one day or more between consecutive audit periods. Thanks, Kathleen -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/a33177a6-6246-4031-8497-463fc7069e40n%40mozilla.org.
