Hi all, I wanted to call some attention to a few intermediates which have been hanging out in the "Audit required" section for quite a while: https://crt.sh/mozilla-disclosures#disclosureincomplete
Specifically, the TurkTrust and Firmaprofesional ones. Both have issues open in Bugzilla: - https://bugzilla.mozilla.org/show_bug.cgi?id=1367842 - https://bugzilla.mozilla.org/show_bug.cgi?id=1368171 However, neither appears to have seen any attention from the CAs in the past two months. Section 5.3.2 of the Mozilla Root Policy says they have a week to disclose the cert, however I'm a bit less clear on on what timeline they're required to provide the audit statements. Cheers, Alex _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
