On 08/05/17 13:24, Gervase Markham wrote:
> 8) Please explain how the Management Assertions for your December 2014

Strike this question; it's based on a misunderstanding of how audits are

Let's add:

10) Do you agree that, during the period of time that Symantec
cross-signed the Federal PKI (Issue L), it was technically possible for
issuers inside the FPKI to issue EV certs by inserting Symantec's EV OID?

11) If, in the Symantec Issues list or any other document relating to
this matter we may publish in future, we have drawn a conclusion or
inference about Symantec's PKI, actions or behaviour which is incorrect,
we expect you to draw that to our attention, even if the truth is not as
favourable to Symantec. Are there any incorrect inferences or
conclusions in the Issues List which need to be corrected?

dev-security-policy mailing list

Reply via email to