On 2014-09-17 00:52, Kathleen Wilson wrote:
https://wiki.mozilla.org/CA:BaselineRequirements#Whole-Population_Audit_of_Intermediate_Certs
I really like this section, it makes things clear.
https://wiki.mozilla.org/CA:BaselineRequirements#WebTrust_BR_Audit_Statement
https://wiki.mozilla.org/CA:BaselineRequirements#ETSI_BR_Audit_Statement.2FCertificate
It's not clear that you need either of those 2. Maybe we need to be
more explicit in saying which audit are acceptable for what?
For the first it has:
The BR audit statement may be qualified and list BRs that the CA is not
yet in compliance with. The second BR audit (the following year) is
expected to confirm that the issues that were listed in the previous BR
audit have been resolved.
Shouldn't something like that also be in the 2nd?
Kurt
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
