Re: Mozilla Policy - Suggestion for the future

Kathleen Wilson

Aug 26, 2015, 2:56:39 PM
to mozilla-dev-s...@lists.mozilla.org
On 8/26/15 12:37 AM, Steve Roylance wrote:
> Hi Kathleen,
>
>
>
> In a meeting with our compliancy team today we were looking in detail at the
> processes we use to map the various rule sets to each other and to our CP
> and CPS.
>
> The recent changes by the CABForum to align Baseline Requirements to RFC
> 3647 have significantly improved the efficiency of the verification process
> for GlobalSign and our auditors.
>
>
>
> Is there a possibility that Mozilla could look to align their policy to RFC
> too? I realize that would be a herculean effort, but it would be an
> effort once rather than in reverse for each CA each time the rules change
> and/or a new CA appears. In effect we would have alignment horizontally as
> follows:-
>
>
>
> RFC Section XX | Simple text on what the key elements are for XX | CP |
> CPS | Baseline Requirements | Mozilla Policy | (Future (EV
> Requirements) | (Future) - Microsoft Requirements etc) | (Future) -
> Apple needs etc) | Other etc
>



I am not opposed to doing that, and I would like to here what others
think of this idea.

However, I would like to release version 2.4 first, before embarking on
that effort (if everyone thinks we should do the re-alignment project).

Kathleen

Kathleen Wilson

Aug 26, 2015, 3:00:01 PM
to mozilla-dev-s...@lists.mozilla.org
correction:
I would like to *hear* what others think of this idea.


Jeremy Rowley

Aug 26, 2015, 3:59:49 PM
to Kathleen Wilson, mozilla-dev-s...@lists.mozilla.org
I agree with Steve. Being able to compare CP documents readily is the point behind the 3647 format. We converted the BRs to 3647 so members can compare their CPS side-by-side with the BRs and see where there is a deficiency. Comparing the Mozilla policy in a 3647 would make the CPS reviews and compliance monitoring a LOT easier.


ravan...@gmail.com

Aug 31, 2015, 12:01:29 PM
to mozilla-dev-s...@lists.mozilla.org
Hi Kathleen,

Yes, that would be very helpful. The forthcoming ETSI 319 411 series will also be (broadly) structured according to RFC3647.

Kind regards,
Robert van de Rijt
Logius


Kathleen Wilson

Aug 31, 2015, 7:09:57 PM
to mozilla-dev-s...@lists.mozilla.org
I've added it here:
https://wiki.mozilla.org/CA:CertPolicyUpdates#Consider_for_Version_3.0

I don't have the bandwidth to work on it now, and there are other things
we need to update in Mozilla's policy now. But we can certainly look at
doing this later.

Thanks,
Kathleen
