Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Emphasize period-of-time key lifecycle management in MRSP § 3.1.3 #275

Open
BenWilson-Mozilla opened this issue Jan 5, 2024 · 0 comments
Open

Emphasize period-of-time key lifecycle management in MRSP § 3.1.3 #275

BenWilson-Mozilla opened this issue Jan 5, 2024 · 0 comments
Labels
3.0 Mozilla Root Store Policy version 3.0

Comments

@BenWilson-Mozilla
Copy link
Collaborator

WebTrust's Illustrative Reports Under CSAE 3000 and CSAE 3001, May 2023, provides templates for key lifecycle management reports, which may be useful to CAs seeking root inclusion because that type of report covers key protection over a period of time following key generation. Period-of-time audits are better than point-in-time audits or "readiness assessments" in this regard. Section 3.1.3 of the MRSP, and maybe other parts of MRSP section 3 could be modified to explain the usefulness of period-of-time key lifecycle management reports to meet cradle-to-grave key protection requirements.
@BenWilson-Mozilla BenWilson-Mozilla added the 3.0 Mozilla Root Store Policy version 3.0 label Feb 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.0 Mozilla Root Store Policy version 3.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BenWilson-Mozilla