Let's please discuss the auditor questions a little more...
The auditor's statement (http://www.cfca.com.cn/file/PwC_CFCA(en).rar)
says that the auditor performed the procedures according to the
"WebTrust for Certification Authorities - SSL Baseline Requirements
Audit Criteria Version 1.1"
which is available here:
http://www.webtrust.org/homepage-documents/item72052.docx
If an auditor strictly performs the audit procedures required by
WebTrust SSL Baseline Requirements Audit Criteria v1.1 (link above),
would that auditor identify all of the issues raised by Erwann?
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
