Gerv,

Our response to the recent questions is posted at: https://bugzilla.mozilla.org/attachment.cgi?id=8867735

Kind regards,
Steve

> -----Original Message-----
> From: dev-security-policy [mailto:dev-security-policy-bounces+steve_medin=symantec....@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy
> Sent: Wednesday, May 10, 2017 7:06 AM
> To: mozilla-dev-security-pol...@lists.mozilla.org
> Subject: [EXT] Re: Draft further questions for Symantec
>
> On 08/05/17 13:24, Gervase Markham wrote:
> > 8) Please explain how the Management Assertions for your December 2014
> <snip>
>
> Strike this question; it's based on a misunderstanding of how audits are
> done.
>
> Let's add:
>
> 10) Do you agree that, during the period of time that Symantec cross-signed
> the Federal PKI (Issue L), it was technically possible for issuers inside the
> FPKI to issue EV certs by inserting Symantec's EV OID?
>
> 11) If, in the Symantec Issues list or any other document relating to this
> matter we may publish in future, we have drawn a conclusion or inference
> about Symantec's PKI, actions or behaviour which is incorrect, we expect you
> to draw that to our attention, even if the truth is not as favourable to
> Symantec. Are there any incorrect inferences or conclusions in the Issues List
> which need to be corrected?
>
> Gerv
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy