Policy-Discussion

["Peter Williams" <home_pw AT msn.com>]

I’m willing to help write cacert.org disclosure statements and policy/practice documents – with a view to obtaining a webtrust-like certification for the CA.

 

I can offer (a) experience of having performed detailed review the drafts of certification policy in the VeriSign CPS, (b) have analysed the VeriSign CPS author’s mental model concerning legal models, (c) experience of how one can recover from a failed SAS70 audit, (d) experience of having written disclosure and policy documents for a (non-VeriSign) CA that obtained webtrust certification, so it could resell its root keys (for millions of dollars, in one case), (d) having continuing access to the underlying US government best practices and comsec documents from which I filched much of the material used (legally) in (d), (e) being wholly unaffiliated with the VeriSign that I helped establish in 1994.

 

Peter.