> * I am unable to locate a BR audit for the GCSR2016, but the websites trust
> bit has been requested. I first thought that this root was not intended for
> serverAuth, but section 18.104.22.168 of the CPS indicates that there is an “AC
> CAMERFIRMA GLOBAL FOR WEBSITES” subordinate CA that chains to this root.
> Both roots are covered by the latest EV audit.
I have included an Auditor erratum note in
dev-security-policy mailing list