On 18/10/16 12:46, Kurt Roeckx wrote: > Are you saying you're expecting an audit report from November 2015 > to November 2016, and so have the period from November to March > covered twice?
There seems to be a persistent misunderstanding here. https://cert.webtrust.org/SealFile?seal=2092&file=pdf https://cert.webtrust.org/SealFile?seal=2091&file=pdf both say that the period when the auditors were examining CNNIC was November 2, 2015 to February 29, 2016. Obviously, it then took them time to write up their report and get it published and so on, but that's not relevant for this. Therefore, as WebTrust audits last a year, I would expect CNNIC to begin being re-examined on or about November 2nd 2016, one year after the previous examination started. Unless I've misunderstood what that date range means. If it means the period of audit validity, then the audits have already expired, so we shouldn't rely on them. So it can't be that, otherwise they wouldn't have submitted them. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
