http://www.hecker.org/mozilla/ca-certificate-policy/
the proposed details of the policy and how it would be implemented:
http://www.hecker.org/mozilla/ca-certificate-faq/policy-details/
and (for good measure) an HTML version of the metapolicy I posted earlier:
http://www.hecker.org/mozilla/ca-certificate-metapolicy/
Note that the URLs are different than the URLs I used earlier, as I decided to change the names of the documents slightly.
At this point I think the most important thing missing is a detailed discussion of the threat model and the assessment criteria that flow from it. I'm sorry I haven't had time to digest all the postings that discussed threat models and to try to synthesize a proposed consensus model; that will be my next task when I find time for it.
I also apologize if there were comments and suggested revisions submitted that were not reflected in these new versions. I also need to go back and review those submissions to see if there's anything I'd like to incorporate in the next draft.
And finally, a big "I'm sorry" to all the CAs out there who've sent in requests thus far, requests which have gone unanswered and (in many cases) unacknowledged. I'm really not in a position right now to approve or deny requests -- and in any case I may need to confine my activities to getting the policy written, and then turn the duties of evaluating requests over to someone else who has the time and knowledge to do a better job of it.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
