Eddy Nigg (StartCom Ltd.) wrote:
> Gervase Markham wrote:
>> They were audited (if they had a WebTrust audit) to see how closely
>> they followed their procedures. No assessment was made as to the
>> rigour or quality of those procedures.
> WebTrust or not, is not a function here! But an audit confirms the
> procedures and controls in place. The policy and practices of the CA are
> the basis of this assessment, which is publicly available! Therefore they
> are not secret and proprietary, which was your original wrong statement!
> And yes, the policy and practices define the quality of those procedures!

I am under the impression that the policies and practices are actually
not publicly available. Can you provide links that document these for
some common CAs, to the level described in the EV cert draft?

-- 
  Heikki Toivonen
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security