On 18/10/16 12:46, Kurt Roeckx wrote:
> Are you saying you're expecting an audit report from November 2015
> to November 2016, and so have the period from November to March
> covered twice?
There seems to be a persistent misunderstanding here.
both say that the period when the auditors were examining CNNIC was
November 2, 2015 to February 29, 2016. Obviously, it then took them time
to write up their report and get it published and so on, but that's not
relevant for this.
Therefore, as WebTrust audits last a year, I would expect CNNIC to begin
being re-examined on or about November 2nd 2016, one year after the
previous examination started.
Unless I've misunderstood what that date range means. If it means the
period of audit validity, then the audits have already expired, so we
shouldn't rely on them. So it can't be that, otherwise they wouldn't
have submitted them.
dev-security-policy mailing list