COVID-19 is going on and there currently is a quarantine of certain areas in China and also alert levels are further raising in other (mainly East-Asian) countries.
How will the root programs approach CA facilities with key material that are in a lockdown or in a territory that is not accessible by auditors and hence cannot be inspected within the three months after the end of the CA's period-under-audit? Lockdown in the above meaning properly secured according to the requirements and BCP/DR plans but because of external conditions not accessible and available for external auditors / inspection.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy