All,
I think we should have a discussion about the level of involvement
required of a CA to go through the root inclusion process.
How much of the process can a CA pay someone else to do?
What should the CA do on their own to demonstrate their own commitment
to running a trust anchor?
I am
"Non-Technically Constrained Subordinate CAs"
Kathleen, I wonder if some people might interpret that as "Subordinate
CAs that _are_ Constrained by Non-Technical means". This would
obviously exclude Subordinate CAs that are completely unconstrained
(both technically and non-technically).
So,
On this page, a sub CA could refer to the organization holding an
intermediate certificate or an intermediate certificate. If the latter,
then I think you need to retain "third-party" to distinguish between
intermediates covered by the CAs own audit and those covered under a
separate audit.
Jer
All,
I need to update
https://wiki.mozilla.org/CA:SubordinateCA_checklist
to reflect the current policy (technically constrain or disclose/audit).
I propose the following changes.
1) Remove the Terminology section. Given the current policy, the terms
"In-House", "Third-Party", "Private", "Publ
On Thu, Oct 17, 2013 at 6:04 AM, Gervase Markham wrote:
> On 17/10/13 00:07, Phillip Hallam-Baker wrote:
> > Each HSM vendor has their own security controls but a FIPS140 level 4
> > device won't release them except to another FIPS-140 device. There is no
> > way to extract the key from the syste
On 10/17/2013 1:04 PM, Gervase Markham wrote:
On 17/10/13 00:07, Phillip Hallam-Baker wrote:
Each HSM vendor has their own security controls but a FIPS140 level 4
device won't release them except to another FIPS-140 device. There is no
way to extract the key from the system unencrypted.
Phil: w
On 17/10/13 00:07, Phillip Hallam-Baker wrote:
> Each HSM vendor has their own security controls but a FIPS140 level 4
> device won't release them except to another FIPS-140 device. There is no
> way to extract the key from the system unencrypted.
Phil: what prevents a government just turning up w
7 matches
Mail list logo