I have found four more CAs that are not compliant with this requirement: 1. Entrust: http://www.entrust.net/about/practices.cfm, last updated on Mar 4, 2014 2. Taiwan CA: https://www.twca.com.tw/Portal/english/coporate_profile/Repository.html, last updated on Jan 22, 2013 3. Trend Micro: https://www.trendmicro.com/us/enterprise/cloud-solutions/deep-security/ssl-certificates/index.html#resources, last updated on Feb 17, 2014 4. Gandi CA (signed by AddTrust): http://www.gandi.net/static/docs/en/gandi-certification-practice-statement.pdf, last updated on Feb 15, 2009
Does Mozilla want to remind these CAs to update their CP/CPS? Or is it fine to relax this requirement? _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
