Policy-Discussion

[Ian Grigg <iang AT systemics.com>]

On Sunday 24 July 2005 04:22, Peter Williams wrote:
> If one is prepping for an audit, its worth constructing our own tests in  
> certain area - areas that any auditor is likey to construct tests:


Hmm... Are you essentially proposing that CACert
conduct its own audits inhouse?

> ....  A public CPA is really making 
> a public representation after all: is the organization really "trying" to 
> meet the public's expectations, when assigning their trust!


The standard for a CA audit seems to be way below
that.  From discussions on this I've seen related to
the Mozilla project to identify how to accept new CAs,
the purpose of the CA audit is more or less to check
that the CA is doing what it says it is doing.

Do you or does anyone have any different view?

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting