On 14/2/09 02:15, Eddy Nigg wrote:
On 02/13/2009 11:46 AM, Ian G:
Don't fixate on the title. CAs generally have some set of documents that
are internal / not published, and some set of documents that are
published. If someone like the WebTrust people come along and say CPS
must be published
On 12/2/09 20:46, Eddy Nigg wrote:
On 02/12/2009 09:04 PM, Ian G:
Eddy, you change your tune so fast you must be salsa dancer ...
I don't think so. I wondered if we need a list of 20 items in order to
clarify what a CA should provide in terms of audited documents. As I
already said, many
Ian G wrote, On 2009-02-13 01:46:
Don't fixate on the title. CAs generally have some set of documents
that are internal / not published, and some set of documents that are
published. If someone like the WebTrust people come along and say CPS
must be published then the CPS gets thinner and
On 02/13/2009 10:47 PM, Nelson B Bolyard:
Is that a way forward?
Whatever it's called, it must be *the* document which was the base for
the auditor as well. There is no substitute to it really.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:
Seems to me that this is another case where we're having problems
because we're using a term (CPS) which is widely understood, but
for which more than one meaning exists. As long as we continue to
use it without defining it, we will have problems of people seeming
to agree, but having different
On 02/13/2009 11:46 AM, Ian G:
Don't fixate on the title. CAs generally have some set of documents that
are internal / not published, and some set of documents that are
published. If someone like the WebTrust people come along and say CPS
must be published then the CPS gets thinner and some
So there appear to be several things that might require an additional
audit interaction over some delivery to Mozilla, outside the normal
audit opinion.
Here's my list of things, as spotted recently:
1. a CA's clarification or comment over a key document (e.g., CPS).
2. an additional
On 02/12/2009 07:47 PM, Ian G:
[2] Actually I think I am a long way from nailing down the issues here.
Even though I agree usually on providing clear statements and
requirements, I wonder if we really have to go into such details? You
know, many times it was sufficient to receive a statement
On 12/2/09 19:00, Eddy Nigg wrote:
On 02/12/2009 07:47 PM, Ian G:
[2] Actually I think I am a long way from nailing down the issues here.
Even though I agree usually on providing clear statements and
requirements, I wonder if we really have to go into such details? You
know, many times it was
On 02/12/2009 09:04 PM, Ian G:
Eddy, you change your tune so fast you must be salsa dancer ...
I don't think so. I wondered if we need a list of 20 items in order to
clarify what a CA should provide in terms of audited documents. As I
already said, many times we need only clarifications - a
10 matches
Mail list logo
