[cabfcert_policy] Mozilla policy concerning independant parties
Moudrick M. Dadashov
md at ssc.lt
Thu May 21 17:00:35 MST 2015
The documents below clarify issues relevant to this and also, partly, to
the "Name-constraining government CAs, or not" threads, where we try to
find out whether there is a framework for "Government entities"
performing activities close to "Qualified Auditor" functions (when a CA
is owned, operated or run by Government, definition by Peter Kurrasch).
I thought some explanation can be found here:
**1. Regulation (EC) No 765/2008 of the European Parliament and of the
Council of 9 July 2008 setting out the requirements for accreditation
and market surveillance relating to the marketing of products and
repealing Regulation (EEC) No 339/93 (Text with EEA relevance)
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1432252294707&uri=CELEX:32008R0765
*2. Decision No 768/2008/EC of the European Parliament and of the
Council of 9 July 2008 on a common framework for the marketing of
products, and repealing Council Decision 93/465/EEC (Text with EEA
relevance) *
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1432248121358&uri=CELEX:32008D0768
AFAIK there is an ongoing work to update the legislation above but as of
today these are legally valid acts.
Thanks,
M.D.
On 5/21/2015 6:28 PM, Ben Wilson wrote:
>
> Thanks, Robin. I’ve reworded this to insert into Section 8.3 as follows:
>
> The Qualified Auditor SHALL be independent from the CA, where
> "independent" means a person or other entity not affiliated with the
> CA as an employee or director and for whom at least one of the
> following statements is true:
>
> 1. the party is not financially compensated by the CA;
> 2. the nature and amount of the party’s financial compensation by the
> CA is publicly disclosed; or
> 3. the party is bound by law, government regulation, and/or a
> professional code of ethics to render an honest and objective
> judgement regarding the CA.
>
> *From:*policyreview-bounces at cabforum.org
> [mailto:policyreview-bounces at cabforum.org] *On Behalf Of *Robin Alden
> *Sent:* Thursday, May 21, 2015 8:24 AM
> *To:* policyreview at cabforum.org
> *Subject:* [cabfcert_policy] Mozilla policy concerning independant parties
>
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/
>
> #14 reads:
>
> By "independent party" we mean a person or other entity who is not
> affiliated with the CA as an employee or director and for whom at
> least one of the following statements is true:
>
> the party is not financially compensated by the CA;
>
> the nature and amount of the party’s financial compensation by the CA
> is publicly disclosed; or
>
> the party is bound by law, government regulation, and/or a
> professional code of ethics to render an honest and objective
> judgement regarding the CA.
>
> Robin
>
>
>
> _______________________________________________
> Policyreview mailing list
> Policyreview at cabforum.org
> https://cabforum.org/mailman/listinfo/policyreview
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20150522/40e1cd7e/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3653 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/policyreview/attachments/20150522/40e1cd7e/attachment.bin
More information about the Policyreview
mailing list