Re: Misissuance and BR Audit Statements

2018-10-12 Thread Wayne Thayer via dev-security-policy
> -Original Message- >> From: Ben Wilson >> Sent: Wednesday, August 15, 2018 8:34 AM >> To: 'r...@sleevi.com' ; Wayne Thayer < >> wtha...@mozilla.com> >> Cc: mozilla-dev-security-policy < >> mozilla-dev-security-pol...@lists.mozilla.org> &g

Re: Misissuance and BR Audit Statements

2018-08-16 Thread Wayne Thayer via dev-security-policy
Thank you for responding on behalf of ETSI ESI and ACABc! I believe that this is an important topic and I hope that ETSI ESI and ACABc members will continue to participate in the discussion. On Thu, Aug 16, 2018 at 11:11 AM clemens.wanko--- via dev-security-policy <

RE: Misissuance and BR Audit Statements

2018-08-16 Thread Ben Wilson via dev-security-policy
What about all of the other audit firms? From: Wayne Thayer Sent: Wednesday, August 15, 2018 1:09 PM To: Ben Wilson Cc: Ryan Sleevi ; mozilla-dev-security-policy Subject: Re: Misissuance and BR Audit Statements I went ahead and noted these DigiCert audits as a concern on the CCADB

Re: Misissuance and BR Audit Statements

2018-08-16 Thread clemens.wanko--- via dev-security-policy
Dear all, this is a joint response from ETSI ESI and ACABc: ETSI have published a supplement to its audit requirements specifically to address specific requirements of Mozilla, and other CA/Browser Forum members, for auditing Trust Service Providers that issue Publicly-Trusted Certificates TS

Re: Misissuance and BR Audit Statements

2018-08-15 Thread Wayne Thayer via dev-security-policy
Re-sending > > -Original Message- > From: Ben Wilson > Sent: Wednesday, August 15, 2018 8:34 AM > To: 'r...@sleevi.com' ; Wayne Thayer > > Cc: mozilla-dev-security-policy < > mozilla-dev-security-pol...@lists.mozilla.org> > Subject: RE: Misissuance and

RE: Misissuance and BR Audit Statements

2018-08-15 Thread Ben Wilson via dev-security-policy
Re-sending -Original Message- From: Ben Wilson Sent: Wednesday, August 15, 2018 8:34 AM To: 'r...@sleevi.com' ; Wayne Thayer Cc: mozilla-dev-security-policy Subject: RE: Misissuance and BR Audit Statements Thanks, Ryan and Wayne, Going forward we'll work to improve our management

RE: Misissuance and BR Audit Statements

2018-08-15 Thread Ben Wilson via dev-security-policy
, August 13, 2018 3:57 PM To: Wayne Thayer Cc: mozilla-dev-security-policy Subject: Re: Misissuance and BR Audit Statements Wayne, Thanks for raising this. I definitely find it surprising to see nothing noted on Comodo's report, as you call out. As another datapoint, consider this recent audit

Re: Misissuance and BR Audit Statements

2018-08-15 Thread Ryan Sleevi via dev-security-policy
Wayne, Thanks for raising this. I definitely find it surprising to see nothing noted on Comodo's report, as you call out. As another datapoint, consider this recent audit that is reported to be from DigiCert, by way of Amazon Trust Services' providing the audits for their externally operated