On 07/01/16 19:15, Peter Bowen wrote: > The information in the bug is incomplete by Mozilla's policy. They > indicate that they plan to get a WebTrust audit but have not done so > at this time. They should be informed that they need both a WebTrust > for CA and a WebTrust for BR audit before their application can move > forward.
This seems like the lowest-effort way to punt. I doubt they'd ever get one - and if they did, I'd want to have very careful words with their auditor. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy