- Original Message -
From: Kathleen Wilson kwil...@mozilla.com
To: mozilla-dev-security-pol...@lists.mozilla.org
Sent: Tuesday, September 2, 2014 10:43:56 PM
Subject: Re: Removal of 1024 bit roots - Thawte and GTE CyberTrust
On 9/2/14, 10:53 AM, Hubert Kario wrote:
Removing the
On 2014-08-27 18:15, Kathleen Wilson wrote:
Based on the discussion so far, I think the answer is that the CAs need
to work with their auditors to create a public-facing audit statement
that does not have information in it that the CA considers sensitive,
but that sufficiently lists the BRs that
I updated this part of the wiki page:
https://wiki.mozilla.org/CA:BaselineRequirements#Audit_Mistakes
The section is long, so I won't copy it all here.
The most significant change is the addition of the last sentence in this
paragraph:
When egregious mistakes were overlooked by the auditor,
Kathleen,
Would it make sense to poll auditors with this wording change? The are some on
the CABForum mailing list (Wayne could verify) as I suspect it would be more
beneficial for auditors themselves to see, agree and above all acknowledge the
intent behind the stance you are taking?
On 9/3/2014 2:43 PM, Matt Palmer wrote:
On Wed, Sep 03, 2014 at 02:24:04PM -0700, Kathleen Wilson wrote:
The most significant change is the addition of the last sentence in
this paragraph:
When egregious mistakes were overlooked by the auditor, or there
are a significant number of
On 9/3/14, 3:53 PM, David E. Ross wrote:
On 9/3/2014 2:43 PM, Matt Palmer wrote:
On Wed, Sep 03, 2014 at 02:24:04PM -0700, Kathleen Wilson wrote:
The most significant change is the addition of the last sentence in
this paragraph:
When egregious mistakes were overlooked by the auditor, or
6 matches
Mail list logo