[cabfpub] FW: Bylaw update proposal
Ryan Sleevi
sleevi at google.com
Tue Mar 24 05:21:33 UTC 2015
On Mar 23, 2015 10:09 PM, "kirk_hall at trendmicro.com" <
kirk_hall at trendmicro.com> wrote:
> That’s a question for the browsers – Browsers, what do you say?
I'm not sure why this is a question for browsers - audit scope is audit
scope. Some CAs include subordinate CAs in scope of their own audits - such
as when they control and operate the infrastructure - other CAs don't.
Mozilla Root Inclusion Policy (Sections 8 and 10) require that
unconstrained subordinate CAs be disclosed and audited. Mozilla CA
communications from May 2014 [1] affirmed this.
I would expect that all of the CAs fall in one of the two buckets, and it's
up to their issuer to decide.
>From the point of view of program operation, it does not make a difference
whether or not that subordinate is operated by a third party - have audit
and fill out the form, will travel.
[1] https://wiki.mozilla.org/CA:Communications#May_2014_Responses
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150323/ec7484e3/attachment-0003.html>
More information about the Public
mailing list