Dear Ben, I confirm that Microsec will correct all issues in the CP and CPS documents as promised during the public discussion.
Thanks to everyone who took the time to read Microsec CP and CPS and to comment on them. If there are no more comments on the content of our CP and CPS documents in the public discussion, we will review the thread again and gather all the issues to be resolved. As usual, Microsec will review current versions of all applicable requirements for changes. I confirm that the section 1.5.2 will be changed. The High Priority Certificate Problem Report will be reviewed and will be moved here from section 4.9.3. Other issues I can see after a brief overview: - Preliminary report in case of Certificate problem report in section 4.9.5 - correct the reference to section 1.3.1 instead of 1.2 in section 4.9.5 - review the email address validation rules in case of non-automatic validation procedure in section 3.2.7 I expect that Microsec will be able to do it within one week and will prepare the draft version of the public documents by the end of April. We publish the drafts on our website and send them to the auditor and our supervisory authority at the same time. This is followed by a 30-day commenting period during which anyone can comment on the planned changes. If significant issues arise during this period, the draft shall be amended and the 30 days shall begin again. If there are no significant issues, the new document will enter into force by the end of May 2020. Please let us know if you expect us to take any further steps in this process. Best regards, Sándor dr. Sándor Szőke Microsec deputy director _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
