[cabfcert_policy] Mozilla policy concerning independant parties

Thu May 21 17:00:35 MST 2015

The documents below clarify issues relevant to this and also, partly, to 
the "Name-constraining government CAs, or not" threads, where we try to 
find out whether there is a framework for "Government entities" 
performing activities close to "Qualified Auditor" functions (when a CA 
is owned, operated or run by Government, definition by Peter Kurrasch).

I thought some explanation can be found here:

**1. Regulation (EC) No 765/2008 of the European Parliament and of the 
Council of 9 July 2008 setting out the requirements for accreditation 
and market surveillance relating to the marketing of products and 
repealing Regulation (EEC) No 339/93 (Text with EEA relevance)
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1432252294707&uri=CELEX:32008R0765

*2. Decision No 768/2008/EC of the European Parliament and of the 
Council of 9 July 2008 on a common framework for the marketing of 
products, and repealing Council Decision 93/465/EEC (Text with EEA 
relevance) *
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1432248121358&uri=CELEX:32008D0768 

AFAIK there is an ongoing work to update the legislation above but as of 
today these are legally valid acts.

Thanks,
M.D.

On 5/21/2015 6:28 PM, Ben Wilson wrote:
>
> Thanks, Robin.  I’ve reworded this to insert into Section 8.3 as follows:
>
> The Qualified Auditor SHALL be independent from the CA, where 
> "independent" means a person or other entity not affiliated with the 
> CA as an employee or director and for whom at least one of the 
> following statements is true:
>
>  1. the party is not financially compensated by the CA;
>  2. the nature and amount of the party’s financial compensation by the
>     CA is publicly disclosed; or
>  3. the party is bound by law, government regulation, and/or a
>     professional code of ethics to render an honest and objective
>     judgement regarding the CA.
>
> *From:*policyreview-bounces at cabforum.org 
> [mailto:policyreview-bounces at cabforum.org] *On Behalf Of *Robin Alden
> *Sent:* Thursday, May 21, 2015 8:24 AM
> *To:* policyreview at cabforum.org
> *Subject:* [cabfcert_policy] Mozilla policy concerning independant parties
>
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
>
> #14 reads:
>
> By "independent party" we mean a person or other entity who is not 
> affiliated with the CA as an employee or director and for whom at 
> least one of the following statements is true:
>
> the party is not financially compensated by the CA;
>
> the nature and amount of the party’s financial compensation by the CA 
> is publicly disclosed; or
>
> the party is bound by law, government regulation, and/or a 
> professional code of ethics to render an honest and objective 
> judgement regarding the CA.
>
> Robin
>
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20150522/40e1cd7e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3653 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/policyreview/attachments/20150522/40e1cd7e/attachment.bin 