Hi Ben, I'm a bit puzzled about how to specify the locations that "were not audited". What does this mean? Thanks! Pedro
El martes, 27 de junio de 2023 a las 17:37:44 UTC+2, Ben Wilson escribió: > All, > > Section 5.1 of the CCADB Policy > https://www.ccadb.org/policy#51-audit-statement-content now specifies > required audit letter content very similar to what is currently in section > 3.1.4 of the Mozilla Root Store Policy (MRSP). And so it has been proposed > that much of the current language in MRSP § 3.1.4 be removed. GitHib > Issue#239 <https://github.com/mozilla/pkipolicy/issues/239>. However, > two items do not appear in the CCADB’s list of required audit content—(1) > locations audited or not audited and (2) auditor qualifications. Therefore, > we are proposing the following language for the first paragraph of section > 3.1.4. > > --- Begin MRSP Edit --- > > The publicly-available documentation relating to each audit MUST contain > the information required by section 5.1 of the CCADB Policy and the CA > locations that were or were not audited. Audit reports must also contain or > be accompanied by the name of the lead auditor and qualifications of the > team performing the audit, as required by section 3.2. > > --- End MRSP Edit --- > > See also > https://github.com/Mozilla/pkipolicy/compare/bf36841af0686676f0435769db8c641d7d17dfb3..8968d9b6fedc1f94f4afa6a59ce609b759f497e6 > > > Please provide us with your comments or suggestions. > > Thanks, > > Ben and Kathleen > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/43d6de92-b6c2-4e2e-a2c7-38f881f55507n%40mozilla.org.
