[WG-IDAssurance] Point in Time vs. Period of Time Audit
leifj at sunet.se
Wed Jan 18 14:36:11 EST 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 01/18/2012 08:29 PM, David L. Wasley wrote:
> This strikes me as requiring GM to sell 30 cars and have 5 of them
> in serious accidents (in which passengers survive) before they can
> be certified as safe.
> Do we really not believe that thorough testing of infrastructure,
> including failure modes, etc., can demonstrate proper and correct
> What does issuing 30 credentials actually prove that sufficient
> testing wouldn't? And would those 30 have to be revoked and
> reissued after certification of the CSP?
> Just wondering...
Yeah I've also often wondered at that. The thing you want is that
the revocation works, not that its been used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the WG-IDAssurance