Thanks for pointing this out Kurt. The Certinomis / Docapost audit report is now almost one month late. Also, last week the Certinomis representative informed root programs that he was leaving his post and two others would be taking his place. I have just emailed the two new representatives and asked them to explain when we will see the audit report. I'm also concerned about their numerous compliance bugs.
- Wayne On Tue, Nov 20, 2018 at 3:15 PM Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tue, Oct 23, 2018 at 02:35:37PM -0700, Kathleen Wilson via > dev-security-policy wrote: > > > > Mozilla: Audit Reminder > > > > Root Certificates: > > > > Certinomis - Root CA > > > > Standard Audit: > > > > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > > Audit Statement Date: 2017-07-24 > > > > BR Audit: > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > > BR Audit Statement Date: 2017-07-24 > > > > CA Comments: null > > > > > > This seems to be in French, and does not seem to even indicate > > > when the audit was done, just that the report itself is valid for > > > 2 years. > > > > Our official requirement for the audit statements to be in English is > new in > > version 2.6 of our policy (effective date July 1, 2018). Also, last July > we > > were still having difficulty getting the ETSI auditors on board with > > specifying audit periods in their audit statements. > > So it seems nothing changed related to this in the last month, > they are clearly late in providing a new audit statement. > > > Kurt > > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
