CA/BR Audit Guidance: Difference between revisions

m
Line 81: Line 81:


== Audit Mistakes ==
== Audit Mistakes ==
*'''This is a proposal only, to be discussed in the mozilla.dev.security.policy forum.'''
During evaluation of a CA's root inclusion or change request, Mozilla uses public audit statements to help confirm that the CA is in compliance with the stated verification requirements, the BRs, and Mozilla's policy. Therefore, when members of Mozilla's community find a problem with certificates in the CA's hierarchy that should have been noted in the audit statement (as an exception or point of non-compliance), the CA may need to be re-audited to confirm that the problem has been resolved.
During evaluation of a CA's root inclusion or change request, Mozilla uses public audit statements to help confirm that the CA is in compliance with the stated verification requirements, the BRs, and Mozilla's policy. Therefore, when members of Mozilla's community find a problem with certificates in the CA's hierarchy that should have been noted in the audit statement (as an exception or point of non-compliance), the CA may need to be re-audited to confirm that the problem has been resolved.

