Draft 0.9 of CA certificate policy
Frank Hecker
http://www.hecker.org/mozilla/ca-certificate-policy
The main substantive changes were pretty much as previously discussed:
* Extended the requirements to cover all CAs, not just new CAs.
* Changed "independent and qualified third party" to "competent
independent party".
* Added ETSI TS 101 456 and 102 042 as acceptable criteria.
* Changed the definition of "competent party" to delete "reputation
for" in reference to "honesty and objectivity".
* Changed the definition of "independent party" to include a
requirement for disclosure of financial compensation in certain cases
(e.g., a volunteer evaluator reimbursed by the CA for expenses).
I also made a few other minor non-substantive changes for clarity and
formatting.
As always I welcome comments, criticisms, and suggestions for changes;
thanks to those who've commented thus far, whether in this forum or via
email. If you do have suggestions for changes please submit the actual
language you'd like to see in the policy.
I hope that this version or the next can be designated as the final
draft. Once I have a final draft, my plan is to wait a week or so,
finish writing the accompanying FAQ, and then submit the draft policy to
the Mozilla Foundation for consideration as the final 1.0 policy.
Frank
P.S. I've attached a file containing detailed differences from the draft
0.8.
--
Frank Hecker
hec...@hecker.org
Frank Hecker
> I've created a new draft 0.8 of the Mozilla CA Certificate Policy:
I meant draft 0.9, of course (perils of cutting and pasting).
Frank
--
Frank Hecker
hec...@hecker.org