Re: Symantec Response T

2017-04-11 Thread Ryan Sleevi via dev-security-policy
On Tue, Apr 11, 2017 at 12:42 PM, Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > In various rounds of questioning at the time we were focussing purely on > this incident, I asked Symantec what processes they had in place for > checking that the RAs were

Re: Symantec Response T

2017-04-11 Thread Gervase Markham via dev-security-policy
On 11/04/17 17:18, Ryan Sleevi wrote: > 1) On the basis of the controls Symantec described, at no point was any > mention made of Symantec performing sampling audits to ensure their RA > partners complied with either the RA partner's CP/CPS or Symantec's CP/CPS. > a) Is it fair to conclude that

Re: Symantec Response T

2017-04-11 Thread Ryan Sleevi via dev-security-policy
On Mon, Apr 10, 2017 at 10:57 AM, Steve Medin via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Issue T: RA Program Misissuances (January 2010 - January 2017) > > Program Background: > > Symantec has operated an RA program designed to deliver a superior > customer

Symantec Response T

2017-04-10 Thread Steve Medin via dev-security-policy
Issue T: RA Program Misissuances (January 2010 - January 2017) Program Background: Symantec has operated an RA program designed to deliver a superior customer experience in global markets where language skills, understanding of local business requirements, and physical local presence are