Skip to Content.
Sympa Menu

cacert-policy - RE: [CAcert-Policy] offer of policy/practices help

Subject: Policy-Discussion

List archive

RE: [CAcert-Policy] offer of policy/practices help


Chronological Thread 
  • From: "Peter Williams" <home_pw AT msn.com>
  • To: "'Policy-Discussion'" <cacert-policy AT lists.cacert.org>
  • Subject: RE: [CAcert-Policy] offer of policy/practices help
  • Date: Sat, 14 May 2005 10:54:12 -0700
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

The "Official CA" mechanism was originally an implementation construct,
related to the 742.15 http://www.access.gpo.gov/bis/ear/pdf/742.pdf:

"(4) Commodities and software that activate or enable cryptographic
functionality."

One could also access the public export licenses issued to VeriSign and
Entrust to see the "official CA" reg, formally, I suspect. One could also
search out any of the compliance reports made on VeriSign by EAR enforcement
officials, and the stipulation agreements regarding corrective actions
concerning the operational conduct of official CA. Said conduct goes beyond
webtrust audit practices and tests, concerning reporting, accuracy of
reporting records, and cross-referencing requirements.

Peter.




Archive powered by MHonArc 2.6.16.

Top of Page