(In reply to Rafa from comment #141) > (In reply to Kathleen Wilson from comment #139) > > Please see item #2 of > > https://wiki.mozilla.org/CA: > > Information_checklist#Verification_Policies_and_Practices > > Hi Kathleen, > > on this issue, item #2 says: > > "If you provide the information yourself (e.g., it is hosted on your own web > site), please provide us with contact information for the auditor (or other > third party)."
That is referring to the auditor's statement. If the auditor's statement is published or provided by the CA, then I do a separate process to contact the auditor to confirm the authenticity of the auditor's statement. > > So, if we publish at our web site a self-statement and we also provide the > auditor's contact information, could be enough to meet Mozilla's > requirements? No. A self-statement does not help. We need audit statement(s) that meet the requirements of sections 11 through 14 of https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1271513 Title: www.cert.fnmt.es certificates are not included in Mozilla products To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1271513/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
