The link in footnote [1] https://www.idmanagement.gov/IDM/servlet/fileField?entityId=ka0t0000000Gmi3AAC&field=File__Body__s
gives me a 404 error. On Monday, May 15, 2017 at 11:09:41 AM UTC-4, Steve Medin wrote: > Gerv, > > Our response to the recent questions is posted at: > https://bugzilla.mozilla.org/attachment.cgi?id=8867735 > > Kind regards, > Steve > > > -----Original Message----- > > From: dev-security-policy [mailto:dev-security-policy- > > [email protected]] On Behalf Of > > Gervase Markham via dev-security-policy > > Sent: Wednesday, May 10, 2017 7:06 AM > > To: [email protected] > > Subject: [EXT] Re: Draft further questions for Symantec > > > > On 08/05/17 13:24, Gervase Markham wrote: > > > 8) Please explain how the Management Assertions for your December 2014 > > <snip> > > > > Strike this question; it's based on a misunderstanding of how audits are > > done. > > > > Let's add: > > > > 10) Do you agree that, during the period of time that Symantec cross-signed > > the Federal PKI (Issue L), it was technically possible for issuers inside > > the FPKI > > to issue EV certs by inserting Symantec's EV OID? > > > > 11) If, in the Symantec Issues list or any other document relating to this > > matter we may publish in future, we have drawn a conclusion or inference > > about Symantec's PKI, actions or behaviour which is incorrect, we expect you > > to draw that to our attention, even if the truth is not as favourable to > > Symantec. Are there any incorrect inferences or conclusions in the Issues > > List > > which need to be corrected? > > > > Gerv > > _______________________________________________ > > dev-security-policy mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
