omments in blue.
Od: Ryan Sleevi mailto:r...@sleevi.com>>
Wysłane: czwartek, 11 października 2018 04:53
Do: Grabowski Piotr
DW: Wayne Thayer; mozilla-dev-security-policy
Temat: Re: Odp.: Odp.: 46 Certificates issued with BR violations (KIR)
On
ons (KIR)
On Wed, Oct 10, 2018 at 4:33 PM Grabowski Piotr via dev-security-policy
mailto:dev-security-policy@lists.mozilla.org>>
wrote:
Hello Wayne,
- Is the new dual control process documented in a manner that will be auditable
by your external auditors?
Yes, the new du
Grabowski Piotr via dev-security-policy
mailto:dev-security-policy@lists.mozilla.org>>
wrote:
Hello Wayne,
- Is the new dual control process documented in a manner that will be auditable
by your external auditors?
Yes, the new dual control process is already included in the document
Hello Ryan,
In the design of this template, one of the concerns was about understanding
*how* a problem happened, not just how a CA responded. This is why it includes
text such as "This may include events before the incident was reported, such as
when a particular requirement became
Hello Wayne,
- Is the new dual control process documented in a manner that will be auditable
by your external auditors?
Yes, the new dual control process is already included in the document called
instruction of the security of system Szafir (internal name of the PKI system)
and it is
Hello Wayne,
Please find our comments below:
So far the process for modifying policy templates was controlled by only one
person at the moment. Although these persons
have an extensive experience in PKI and preparing certificate templates and in
common daily duties they work with serveral
6 matches
Mail list logo
