[cryptography] How much does it cost to start a root CA ?

ianG iang at iang.org
Sun Jan 6 04:22:05 EST 2013


On 6/01/13 09:48 AM, Ryan Sleevi wrote:

>>   Perhaps it's this kind of thinking that leads to failed audits :)
>
> It will, it does, and the information is readily available from the
> previous post.
>
> https://www.cabforum.org/Baseline_Requirements_V1_1.pdf Sections 14
> through 16
>
> Additionally, https://www.cabforum.org/Network_Security_Controls_V1.pdf
> describes a series of controls jointly developed by the browsers and CAs.


Ryan, that's not true.  I know it is easy to market the organsation as 
being open and friendly, but some of us weren't born last night.

I think the truth is that it was developed by CABForum participants.  In 
private.  Right?  And then announced it to the world here:

    12 - June -2012  -- Today, the CA/Browser Forum released a
    draft "Network and Certificate System Security Requirements"
    for public review, comment, and discussion.  Comments may be
    submitted through Friday, 22 June 2012

https://cabforum.org/pipermail/public/2012-June/000114.html

Right?  Truth is important, right?  So faith in the product has a 
foundation?

CABForum participants are on record on that date to push a new 
unreleased standard onto the world through Mozilla's public theater with:

       10 days of public comment?

Right?

For the record:   when was that document first worked on in CABForum?



iang



More information about the cryptography mailing list