I've done a new draft 11 of the proposed CA certificate policy; you can find it at the usual place:

  http://www.hecker.org/mozilla/ca-certificate-policy

Major changes in the draft are as follows (in order of occurrence in the document):

* Strengthened the language in paragraph 4 to cover rejecting CA requests if we believe it's appropriate to do so.

* Modified paragraph 6 to add requirements relating to verification of certificate signing requests.

* Added a new paragraph 7 to describe minimum verification requirements for each type of certificate. (Renumbered succeeding paragraphs accordingly.) The requirements are as I've outlined them previously.

* Added a new paragraph 14 noting that the Mozilla Foundation will designate someone to handle CA requests. I used the term "module owner" rather than "CA coordinator" as suggested by Ian G for consistency with terminology used elsewhere in the Mozilla project.

As always, comments, questions, and suggested changes are welcome. The changes in this draft were primarily intended to address putting a minimum "floor" in place regarding requirements on CAs, particularly for audit regimes like WebTrust where some have contended that no such floor is actually present. (Note that I added language regarding authorized agents, as previously promised.)

I've previously explained my reasons for choosing the particular requirements I've included, so I won't repeat those comments here. I realize that some may see the language regarding "reasonable measures" as unnecessarily subjective; however, I don't want to try to anticipate (and more important, provide policy language for) all the different ways in which CAs might vet subscribers. I'll include examples and additional guidance on this subject in the policy details FAQ.

"Hope springs eternal...", as they say, but I really do believe that this draft (or something very close to it) is suitable for submission to the Mozilla Foundation for consideration as a 1.0 policy. If you strongly object, please let me know.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
