On Wednesday, September 20, 2017 at 6:34:04 AM UTC-7, Kurt Roeckx wrote: > On 2017-09-20 01:09, Kathleen Wilson wrote: > > -------- Forwarded Message -------- > > Subject: Summary of September 2017 Audit Reminder Emails > > Date: Tue, 19 Sep 2017 19:00:08 +0000 (GMT) > > > > Mozilla: Overdue Audit Statements > > Root Certificates: > > Autoridad de Certificacion Firmaprofesional CIF A62634068 > > Standard Audit: https://cert.webtrust.org/SealFile?seal=2032&file=pdf > > Audit Statement Date: 2016-04-11 > > BR Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809981 > > BR Audit Statement Date: 2016-08-05 > > EV Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809982 > > EV Audit Statement Date: 2016-08-05 > > CA Comments: BR and EV audits have happened, but there are action plans > > being presented to the auditors. Primary issues are use of UTF8 instead of > > PrintableString in jurisdictionOfIncorporation, and a recently repealed > > Spanish law that required privat > > Does that mean the standard audit did not happen? The currently linked > one covered the period 2015-03-10 to 2016-03-09. The next period of 1 > year is now over for more than 6 months. > > If the audits happened, why don't we have the audit statement yet? >
I'll contact the CA, and ask them to respond. I noticed that for the audit reminders the program was sending to the email alias only, so I've asked my Salesforce consultant to make sure the Primary POC(s) are always in the 'To' list for the emails. However, it is the CA's responsibility to provide their updated audit statements, so not receiving the audit reminder email does not excuse them. > > Mozilla: Audit Reminder > > Root Certificates: > > Chambers of Commerce Root > > Chambers of Commerce Root - 2008 > > Global Chambersign Root > > Global Chambersign Root - 2008 > > Standard Audit: > > https://bug986854.bmoattachments.org/attachment.cgi?id=8775118 > > Audit Statement Date: 2016-06-17 > > BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8800807 > > BR Audit Statement Date: 2016-08-05 > > EV Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8800811 > > EV Audit Statement Date: 2016-08-05 > > CA Comments: null > > The standard audit was for the period of 2015-04-14 to 2016-04-13, and > so are also late with their audit. I'll contact the CA... > > > Mozilla: Audit Reminder > > Root Certificates: > > GlobalSign ECC Root CA - R5 > > Standard Audit: https://cert.webtrust.org/SealFile?seal=2287&file=pdf > > Audit Statement Date: 2017-07-26 > > BR Audit: https://bug1388488.bmoattachments.org/attachment.cgi?id=8895040 > > BR Audit Statement Date: 2017-07-26 > > EV Audit: https://cert.webtrust.org/SealFile?seal=2055&file=pdf > > EV Audit Statement Date: 2016-06-10 > > CA Comments: null > > The EV period was from 2015-04-01 to 2013-03-31. The others are new, > maybe forgot to update something? Bug in CCADB. I am waiting for my Salesforce consultant to confirm that she has replicated the bug in Sandbox, and then I will fix the data in Production. > > > Mozilla: Audit Reminder > > Root Certificates: > > Certum Trusted Network CA 2** > > Certum Trusted Network CA** > > > > ** Audit Case in the Common CA Database is under review for this root > > certificate. > > > > Standard Audit: https://cert.webtrust.org/SealFile?seal=2064&file=pdf > > Audit Statement Date: 2016-06-10 > > BR Audit: https://cert.webtrust.org/SealFile?seal=2066&file=pdf > > BR Audit Statement Date: 2016-06-10 > > EV Audit: https://cert.webtrust.org/SealFile?seal=2065&file=pdf > > EV Audit Statement Date: 2016-06-10 > > CA Comments: null > As noted by the '**' we have received the updated audit statements, and are working with the CA on their Audit Case. Since the Audit Case is a new process, there is a learning curve for most CAs. Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
