Gerv, first thanks for doing this – it helps. Second – I’m still thinking about the text of the addition. You propose “and whose activities are not within the scope of the appropriate CA audits”. We discussed briefly at the meeting, and I know what you mean by the phrase and agree with it.
The definition has two references to “the CA”, so I’m wondering if we should just use “the CA’s” in the new language you would add. So the change would be as follows: Delegated Third Party: A natural person or Legal Entity that is not the CA, and whose activities are not within the scope of the appropriate CA’s audits, but is authorized by the CA to assist in the Certificate Management Process by performing or fulfilling one or more of the CA requirements found herein. What do you think? I worry that including “appropriate” could create potential ambiguity as to which audits are the “appropriate” ones for this definition. Saying “the CA’s audits” should cover all the CA’s audits. (If the DTP’s activities are not examined in a particular audit because of the nature of the audit, they are still within the “scope” of that audit.) From: Public [mailto:[email protected]] On Behalf Of Gervase Markham via Public Sent: Thursday, June 22, 2017 4:29 AM To: CABFPub <[email protected]> Cc: Gervase Markham <[email protected]> Subject: [EXTERNAL][cabfpub] Updating DTP definition Before we move the ballot forbidding DTPs from doing domain validation, we need to update the definition of DTP to make sure it excludes people and activities covered by the CA's audit. The current definition is: Delegated Third Party: A natural person or Legal Entity that is not the CA but is authorized by the CA to assist in the Certificate Management Process by performing or fulfilling one or more of the CA requirements found herein. Here is a proposed updated definition: Delegated Third Party: A natural person or Legal Entity that is not the CA, and whose activities are not within the scope of the appropriate CA audits, but is authorized by the CA to assist in the Certificate Management Process by performing or fulfilling one or more of the CA requirements found herein. Does Gerv
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
