On 02/13/2009 11:46 AM, Ian G:
Don't fixate on the title. CAs generally have some set of documents that
are internal / not published, and some set of documents that are
published. If someone like the WebTrust people come along and say "CPS
must be published" then the CPS gets thinner and some other document
gets fatter...
Might be true.
... (but many times I prefer not
to disprove your claims as it serves me other interests).
Perhaps you could share those other interests with all?
If I've been interested doing so I would have done so before, no? But to
give you a hint, it's goes along the sames lines that SSL certificates
costs thousands of dollars in order to enrich the CAs. It's a bit
similar with audits...true, audits are expensive, they are nowhere a
cheap thing (certificates may be too), but there have been numbers
thrown around which aren't anything near reality either.
David wrote, and you supported:
* All documents supplied as evidence should be publicly available and
must be addressed in any audit.
Yes, sure. We probably can't accept a document coming out of the blue,
otherwise lets get rid of the audit requirement then...
PS: So, just to clarify my own audit position here. As far as I see it,
it makes no odds to CAcert whether you add this requirement in or not,
because I have included or thought about or am aware of Mozilla from the
beginning, and probably won't be far away, afterwards. But that "Mozilla
first" approach only applies rarely. Perhaps only to CAcert, maybe
Startcom, dunno.
What are you talking about? Can you clarify?
Sorry, which part?
All of it, but specially the last part.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
