> > I think > > within three months of the point in time date or the end date of > > the period > does not give the certification authority sufficient time to provide an > audit report to Mozilla. > > -- > David E. Ross
I think David has right, its hard to get an audit report to a deadline. Also its generaly done yearly, but the timeing of the audit not so exact, sometimes the certification delay. I think its enough to define the frequency of audits, not the exact date. Maybe Salesforce can alert if some CA's audits get closer to its end of validity. regards, Viktor Varga _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
