On 4/23/15 4:21 PM, Kathleen Wilson wrote:
All,
It has been brought to my attention that we do not have a documented
procedure or policy about how to transfer a root certificate from one CA
to another.
Do we need to add expectations about root cert transfers to Mozilla's CA
Certificate Policy?
You're misreading the EV Guidelines. The certificate approver represents the
applicant, not the CA, and is the individual authorized to say "Yes, Mozilla is
really the entity requesting the certificate". To address your concerns:
The people responsible for the DigiCert root cert (or any root c
It has been clear to me for quite some time that the current policies do
nothing to encourage responsible CA management. CA policies continue to be
based on maintaining legal deniability and opaque processes.
Consider Mozilla's own EV Certificate:
https://bugzilla.mozilla.org/show_bug.cgi?id=4
On 05/05/15 21:54, Kathleen Wilson wrote:
> EXAMPLE/DRAFT Survey Link:
> https://community-mozillacaprogram.cs21.force.com/Communications/TakeSurvey?id=a04q004jpXoAAI&cId=&caId=none
LGTM.
Gerv
___
dev-security-policy mailing list
dev-security-polic
4 matches
Mail list logo