CA:Root Removal Policy Notes: Difference between revisions

added comment about cases that may explain better
Line 95: Line 95:
* [[iang]] I disagree.
* [[iang]] I disagree.
** CAs are making representations to relying parties, who are known persons according to CA's RPA.  They are also (potentially, arguably) creating risks for non-related persons, those who aren't relying parties according to their RPA, for whom Mozilla stands in for.  The existence of the audit process and the mozilla policy bears testament to the risks, liabilities and obligations of all these parties.
** CAs are making representations to relying parties, who are known persons according to CA's RPA.  They are also (potentially, arguably) creating risks for non-related persons, those who aren't relying parties according to their RPA, for whom Mozilla stands in for.  The existence of the audit process and the mozilla policy bears testament to the risks, liabilities and obligations of all these parties.
** Obviously, CAs only and every reaction will be to suppress all claims by all others all the time.
** Obviously, CAs only and every reaction will be to suppress all claims by all others all the time.  E.g., recent case was discussed concerning an OCSP failure.
** It is therefore both important and difficult to know who has valid and relevant claim to make against a CA or CA's root.
** It is therefore both important and difficult to know who has valid and relevant claim to make against a CA or CA's root.
** I would therefore prefer that anyone can file a bug against a root or a CA, and that there be an easy procedure for dismissing the bug.
** I would therefore prefer that anyone can file a bug against a root or a CA, and that there be an easy procedure for dismissing the bug.  E.g., recent claims against a government CA.
** And, I would suggest that Mozilla explicitly create a "safe harbour" for doing so by being precise as to the method.
** And, I would suggest that Mozilla explicitly create a "safe harbour" for doing so by being precise as to the method.
* [[iang]] I think the notion of a removal policy is a bit too precise.
* [[iang]] I think the notion of a removal policy is a bit too precise.
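Review bot: The two added "E.g." sentences (after "suppress all claims by all others all the time." and after "an easy procedure for dismissing the bug.") point to a "recent case" and "recent claims" without naming or linking either one. A bug number or a link to the discussion would let readers check what is being cited, and a date would hold up better than "recent" on a notes page that will be read later.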