Confirm, administrator
5,526
edits
Changes
m
* How do we define what a Government CA is?** The CA organization is owned/operated by the government of that country or region. *** Not sure if this would include organizations like CNNIC and HARICA** Public corporations, private organizations, non-profit organizations that provide certs to a government agency? *** I think that would end up being all the CAs in the program.* CA has "Government" in the name* CA takes the "government" exception in our audit standards (i.e. no WebTrust; uses govt-internal audit process)* CA does more than x% of its business (count of certs issued) with its own government* CA is authoritative for a given set of names* ...? Is it reasonable to treat a Government CA differently from other CAs? ** What if the Government CA provides the documentation and audits showing that it complies with Mozilla's CA Certificate Policy?
→Distinguishing between a Government CA and other CAs
== Distinguishing between a Government CA and other CAs ==
Government CAs [http://www.mozilla.org/projects/security/certs/included/index.html who are currently included:] (CAs that are owned/operated by the government of a country or region. -- Note, not sure if Izenpe actually falls into this category, but they claim to be a government CA.)
