On Thursday, August 25, 2016 at 12:14:10 AM UTC-7, Richard Wang wrote: > We can post all 2015 issued SSL certificate to CT log server if necessary.
Is there any reason not to do that proactively? > For BR auditor, I think this issue is too technical that fewer auditor can > find out this problem. The audit letter included an attestation from Management that, during the time of the audit, management believed that the CA complied with the Baseline Requirements. Management was aware of non-compliance, by virtue of revocation and system and procedural changes to align with compliance. Thus, do you believe it was faithful and accurate for Management to warrant that the CA was operated in compliance with the BRs, given that Management was aware of incidents of non-compliance? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy