The current CA policy does not specify when audit reports are due to
Mozilla relative to the end date of the audit period. It only says that
CAs must provide the reports to Mozilla within 30 days of receiving the
report from their auditor.

Peter Bowen proposed some revised and more specific requirements, which
can be read in the issue, and I've taken the opportunity to split the
audit stuff (which is important both for Inclusion and Maintenance) out
of the Inclusion section into its own section.

I've made the changes on a branch; the diff can be seen here:
https://github.com/mozilla/pkipolicy/compare/issue-7

Mostly it involves moving the audit parts from the Inclusion section to
their own section, but then I've added a new bullet (bullet 7) which has
the requirements on dates (a little reworded), plus also one requirement
extracted from elsewhere in the document.

It also means we now have a specific section defining the required
contents for audit reports. Later, we may have other things to add to
that section :-)

This is: https://github.com/mozilla/pkipolicy/issues/7

-------

This is a proposed update to Mozilla's root store policy for version
2.4. Please keep discussion in this group rather than on GitHub. Silence
is consent.

Policy 2.3 (current version):
https://github.com/mozilla/pkipolicy/blob/2.3/rootstore/policy.md
Update process:
https://wiki.mozilla.org/CA:CertPolicyUpdates
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
