On 09/23/2016 10:11 PM, Peter Bowen wrote:
On Fri, Sep 23, 2016 at 10:46 AM, Eddy Nigg wrote:
Speaking only for StartCom here, as far as I know and as per auditing
standards, all intermediate CAs are audited (no external intermediates
existed).
As to network security, I believe this is part of
On Fri, Sep 23, 2016 at 10:46 AM, Eddy Nigg wrote:
> On 09/23/2016 05:53 AM, Peter Bowen wrote:
>>
>> Review of StartCom audit reports
>> for the period 1 January 2015 to 31 December 2015
>>
>> Good:
>> - Uses AICPA standards
>> - Uses current criteria versions
>>
>> Bad:
>> - Only covers two root
On 09/23/2016 05:53 AM, Peter Bowen wrote:
Review of StartCom audit reports
for the period 1 January 2015 to 31 December 2015
Good:
- Uses AICPA standards
- Uses current criteria versions
Bad:
- Only covers two roots, not subordinate CAs (true for all three
reports: CA, BR, and EV)
- Does not p
Original Message-
From: Gervase Markham [mailto:g...@mozilla.org]
Sent: Friday, September 23, 2016 6:04 PM
To: Richard Wang ; Peter Bowen ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: WoSign and StartCom audit reports
On 23/09/16 10:56, Richard Wang wrote:
> Yes, 100% independ
On 23/09/16 10:56, Richard Wang wrote:
> Yes, 100% independent in 2015. So please don't tie two companies
> together for anything happened in 2015, thanks.
Oh, I see what you mean. :-)
> From Dec. 20th - 22nd 2015, the StartCom new website -
> www.startssl.com moved to USA IDC that designed by St
zilla.org]
Sent: Friday, September 23, 2016 5:41 PM
To: Richard Wang ; Peter Bowen ;
mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: WoSign and StartCom audit reports
On 23/09/16 06:35, Richard Wang wrote:
> For StartCom, Eddy can say something about it, StartCom is 1000% independen
On 23/09/16 06:35, Richard Wang wrote:
> For StartCom, Eddy can say something about it, StartCom is 1000% independent
> for everything at 2015.
You've said this or something very similar twice now, both times saying
"at 2015". This is probably a language thing, because native English
speakers wou
ssage-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Peter Bowen
Sent: Friday, September 23, 2016 10:54 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: WoSign and StartCom audit reports
As hinted at in my ea
As hinted at in my earlier email about what is expected in audit
reports, I've been looking at WebTrust audit reports from many CAs in
the Mozilla program and those applying to be in the program.
Since there has been lots of discussion about WoSign and Startcom
recently, I took a look at their lat
9 matches
Mail list logo
