> > To answer your question: no, there are no rules for the withdrawal of
> > CA licences. Strictly spoken, there even are no rules for the licensing
> > of CAs: the federal agency operating the root CA cannot reject a licence
> > if hardware, software and the CA's security concept have been evaluated.
> > This is bad and the responsible people know about this but...
>
> Do I understand you correctly: Once a CA got a evaluation and a licence,
> there's no rule to reject this licence? What does this exactly mean? Is
> this a matter of opinion of a person? Or has that subject been ignored /
> forgotten ?!
I suggest to discuss this off-line; this is not the right place to do so.
Stefan.
______________________________________________________________________________
Stefan Kelm PGP key: "finger [EMAIL PROTECTED]" or via key server
DFN-CERT <[EMAIL PROTECTED]>
Vogt-Koelln-Str. 30 http://www.cert.dfn.de/~kelm/
22527 Hamburg (Germany) Tel: +49 40 428 83-2262 / Fax: -2241
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
