On Thursday, August 25, 2016 at 12:14:10 AM UTC-7, Richard Wang wrote:
> We can post all 2015 issued SSL certificate to CT log server if necessary.

Is there any reason not to do that proactively?

> For BR auditor, I think this issue is too technical that fewer auditor can 
> find out this problem.

The audit letter included an attestation from Management that, during the time 
of the audit, management believed that the CA complied with the Baseline 

Management was aware of non-compliance, by virtue of revocation and system and 
procedural changes to align with compliance.

Thus, do you believe it was faithful and accurate for Management to warrant 
that the CA was operated in compliance with the BRs, given that Management was 
aware of incidents of non-compliance?
dev-security-policy mailing list

Reply via email to