Ian Grigg wrote [in part]: > > Lots of comments on audits. In brief, I suggest they be > treated as "just another thing that some CAs might do" > and not be given a class of their own. > > I personally think professional audits are a sick joke. > If someone says to me "XYZ CA" is audited, the only thing > I'm interested in is how much they paid the auditor, which > is good money turned to bad, now not available to make > things better. > > I'm often alone in this radical skepticism, but, anyone > who had shares in Enron or any mutual funds might feel > sympathy with the pov. Maybe also, all the shareholders > of all the S&Ls, in the eighties, might understand.
You have confused financial audits -- which are not the subject of this metapolicy -- with process audits. If it makes you more comfortable or if it clarifies what is meant, then perhaps the metapolicy should instead refer to accreditation. In the end, what is needed is a FORMAL review of the practices of the CA in accord with published criteria. -- David E. Ross <http://www.rossde.com/> I use Mozilla as my Web browser because I want a browser that complies with Web standards. See <http://www.mozilla.org/>. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
