I concur to Bruce's consern,
Albeit not directly conserning this discussion, we already have this issue
in our hands:
https://www.chromium.org/Home/chromium-security/root-ca-policy/#6-annual-self-assessments
But yes, this will be moving target, I would propose that this could be
tight
The issue I have with "at least every 365 days" is that I like to put
something on the schedule and do it the same month every year. We do this
with our annual compliance audit. If we have to provide the self-assessment
at least every 365 days, then each year it will be earlier to provide some
Hi Pedro,
If the CA has two sites, one primary and one secondary, and if the
secondary site hasn't been audited during the audit period, then the audit
letter should mention that.
Thanks,
Ben
On Thu, Jun 29, 2023 at 1:39 AM Pedro Fuentes wrote:
> Hi Ben,
> I'm a bit puzzled about how to specify
Hi Ben,
I'm a bit puzzled about how to specify the locations that "were not
audited".
What does this mean?
Thanks!
Pedro
El martes, 27 de junio de 2023 a las 17:37:44 UTC+2, Ben Wilson escribió:
> All,
>
> Section 5.1 of the CCADB Policy
>