Hi Wyane, resopnding to your notes: Section 4.9 states that in any case that Comsign is notified about a misissuance (no matter if it was notified by a subscriber or in any other way) Comsign shall revoke the certificate.
It is true that we didn’t update the version number and we have corrected it. Along with updating the CPS version management table as well. about the software we use for issuing certificate- As we commented on the January Communication we didn’t issue any SSL certificate in the last years at all – we do not plan to issue any SSL certificates in our current RSA software – only with our new one who is under audit now. So, like we mentioned earlier we would like to be approved in advance so we could start issuing as soon as the new system will be in use. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
