I'm [hopefully] beginning with a simple change that clarifies the language used for Point-in-Time (PiT) audits used in policy. Section 3.1.3 of our policy currently references a "point-in-time assessment", and section 8 uses the undefined abbreviation "PITRA", which stands for "point-in-time readiness assessment". A readiness assessment refers to an engagement between an auditor and a CA that does not produce a public audit report. It's clear that we want a PiT audit.
The proposed changes are: https://github.com/mozilla/pkipolicy/compare/2.7@%7B03-21-19%7D...2.7 I will appreciate feedback from anyone who has concerns with these changes. - Wayne This is https://github.com/mozilla/pkipolicy/issues/151 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy