On 2014-09-17 00:52, Kathleen Wilson wrote:
https://wiki.mozilla.org/CA:BaselineRequirements#Whole-Population_Audit_of_Intermediate_Certs
I really like this section, it makes things clear.
https://wiki.mozilla.org/CA:BaselineRequirements#WebTrust_BR_Audit_Statement
All,
I updated the following sections of the CA:BaselineRequirements wiki
page based on feedback that I received from auditors. Please re-review
these sections, and reply if you have feedback on them.
I updated this part of the wiki page:
https://wiki.mozilla.org/CA:BaselineRequirements#Audit_Mistakes
The section is long, so I won't copy it all here.
The most significant change is the addition of the last sentence in this
paragraph:
When egregious mistakes were overlooked by the auditor,
Kathleen,
Would it make sense to poll auditors with this wording change? There are some on
the CABForum mailing list (Wayne could verify) as I suspect it would be more
beneficial for auditors themselves to see, agree and above all acknowledge the
intent behind the stance you are taking?
On 9/3/2014 2:43 PM, Matt Palmer wrote:
On Wed, Sep 03, 2014 at 02:24:04PM -0700, Kathleen Wilson wrote:
The most significant change is the addition of the last sentence in
this paragraph:
When egregious mistakes were overlooked by the auditor, or there
are a significant number of
On 9/3/14, 3:53 PM, David E. Ross wrote:
On 9/3/2014 2:43 PM, Matt Palmer wrote:
On Wed, Sep 03, 2014 at 02:24:04PM -0700, Kathleen Wilson wrote:
The most significant change is the addition of the last sentence in
this paragraph:
When egregious mistakes were overlooked by the auditor, or
On 8/20/14, 5:57 PM, Ryan Sleevi wrote:
Regarding Whole-Population BR Audit of Intermediate Certs, since the BRs
are for SSL certs, this should probably only apply to intermediate certs
that are capable of issuing SSL certs.
Agreed, which will require a definition of capability. This was
On 8/19/14, 5:37 PM, Kathleen Wilson wrote:
All,
I started a new wiki page to document Mozilla's expectations regarding
CA compliance with the BRs, and auditing according to the BRs.
https://wiki.mozilla.org/CA:BaselineRequirements
It is a very rough draft, but I would appreciate feedback on
On Wed, August 20, 2014 5:17 pm, Kathleen Wilson wrote:
On 8/19/14, 5:37 PM, Kathleen Wilson wrote:
All,
I started a new wiki page to document Mozilla's expectations regarding
CA compliance with the BRs, and auditing according to the BRs.
All,
I started a new wiki page to document Mozilla's expectations regarding
CA compliance with the BRs, and auditing according to the BRs.
https://wiki.mozilla.org/CA:BaselineRequirements
It is a very rough draft, but I would appreciate feedback on it.
Thanks,
Kathleen
On 2014-08-13 20:16, Kathleen Wilson wrote:
4) I think we need to formally augment the audit process with software
tools; such as analysis of data of existing sites chaining up to roots
being considered for inclusion. And also run periodically for included
roots.
I think it would be useful if
On 2014-08-14 14:42, Kurt Roeckx wrote:
Do we also need a policy about how fast we would like issues to be
fixed? At which point do we remove a CA that does not comply?
So CAB baseline has:
13.1.5 Reasons for Revoking a Subscriber Certificate
The CA SHALL revoke a Certificate within 24 hours
All,
As the CFCA discussion showed, there are a few things still to figure
out regarding the audits of CA conformance to the BRs.
Here are my proposals.
1) BR Audits should always include the whole-population audit of
intermediate certificates.
The CA's roots and all of their intermediate
On 8/13/2014 11:16 AM, Kathleen Wilson wrote [in part]:
All,
As the CFCA discussion showed, there are a few things still to figure
out regarding the audits of CA conformance to the BRs.
Here are my proposals.
[snipped]
3) If the CA's auditor missed something regarding the BRs
On Wed, Aug 13, 2014 at 11:16 AM, Kathleen Wilson kwil...@mozilla.com wrote:
2) BR point-in-time audits may not be sufficient.
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy
Any Certificate Authority being considered for root
On Wed, August 13, 2014 12:41 pm, Peter Bowen wrote:
On Wed, Aug 13, 2014 at 11:16 AM, Kathleen Wilson kwil...@mozilla.com
wrote:
2) BR point-in-time audits may not be sufficient.
https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy
On 8/13/2014 12:34 PM, Ryan Sleevi wrote:
On Wed, August 13, 2014 12:02 pm, David E. Ross wrote:
On 8/13/2014 11:16 AM, Kathleen Wilson wrote [in part]:
All,
As the CFCA discussion showed, there are a few things still to figure
out regarding the audits of CA conformance to the BRs.
Here