On 6/17/15 12:05 PM, Kathleen Wilson wrote:
Therefore, the result of this discussion is as follows:
==
CNNIC may re-apply for full inclusion following the normal process,
after they have completed the following additional steps.
1. Provide a list of changes CNNIC has implemented to ensure that there
are no future violations of Mozilla Policy and the Baseline Requirements.
2. Improve CNNIC’s process for authorizing intermediate CAs, and fully
document this improved process in the CP/CPS.
3. Include in this year's WebTrust audit an explicit confirmation by the
auditor that these changes have been implemented and enforced.
4. Provide auditor attestation that a full performance audit has been
performed confirming BR compliance according to
https://wiki.mozilla.org/CA:BaselineRequirements
5. April 1, 2016 is the earliest date at which CNNIC may apply for full
inclusion. If approved, we will remove the restriction currently in
place on their SSL certificates issued after Apr 1 2015. If denied, we
will remove the CNNIC root certificates from NSS.
==
Please reply if you see any errors in this. Otherwise, I will close this
discussion and communicate this to CNNIC.
Thanks again to all of you who participated in this discussion.
I have recorded the above action items in
https://bugzilla.mozilla.org/show_bug.cgi?id=1177209
I am now closing this discussion, and will communicate the above
information to CNNIC.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
