Ian Grigg wrote [in part]: > > I previously wrote [also in part]: > > > The most important question is whether the Mozilla Foundation has > > received a copy of the Ernst & Young letter from Ernst & Young > > itself. The copy could be received under an agreement that it > > remain outside the public realm. However, without the letter -- > > not from QuoVadis (which would be self-serving) but from Ernst & > > Young -- the CA would be approved on hearsay without any real > > substantiation. > > I don't think this makes much difference. Most audits > are shrouded in secrecy, the full reports are generally > confidential, and the published letters are often so > full of equivocation that one wonders why anyone pays > any credence to them.
We're not talking about a financial audit here. We're talking about whether QuoVadis meets some well-documented, objective criteria. The Ernst & Young letter needs to say only two things: (1) they evaluatated QuoVadis against those criteria and (2) QuoVadis met the criteria. If the letter equivocates, that should be grounds for denying the request to implement the QuoVadis CA certificate into Mozilla's database. -- David E. Ross <http://www.rossde.com/> I use Mozilla as my Web browser because I want a browser that complies with Web standards. See <http://www.mozilla.org/>. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
