[cabfpub] FW: Bylaw update proposal
sleevi at google.com
Mon Mar 23 22:21:33 MST 2015
On Mar 23, 2015 10:09 PM, "kirk_hall at trendmicro.com" <
kirk_hall at trendmicro.com> wrote:
> That’s a question for the browsers – Browsers, what do you say?
I'm not sure why this is a question for browsers - audit scope is audit
scope. Some CAs include subordinate CAs in scope of their own audits - such
as when they control and operate the infrastructure - other CAs don't.
Mozilla Root Inclusion Policy (Sections 8 and 10) require that
unconstrained subordinate CAs be disclosed and audited. Mozilla CA
communications from May 2014  affirmed this.
I would expect that all of the CAs fall in one of the two buckets, and it's
up to their issuer to decide.
>From the point of view of program operation, it does not make a difference
whether or not that subordinate is operated by a third party - have audit
and fill out the form, will travel.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public