To give us a concrete example, here's a Bugzilla Bug that I filed this morning:
https://bugzilla.mozilla.org/show_bug.cgi?id=1412950 The CA's 2015-2016 audit was WebTrust. Their current audit statement is ETSI. When I filed the bug I thought there was a gap in auditing from March 10 2016 to January 29 2017. However, based on Ryan's explanation above, my understanding now is that the ETSI audit is a point-in-time audit, so the CA's activities from March 10 2016 until now have not been audited, with the exception of one month (January 30 to March 1 2017). Correct? Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
