On Fri, Feb 24, 2017 at 4:51 PM, Ryan Sleevi <r...@sleevi.com> wrote:
> > > On Wed, Feb 22, 2017 at 8:32 PM, Ryan Sleevi <r...@sleevi.com> wrote: > >> Hi Steve, >> >> Thanks for your continued attention to this matter. Your responses open >> many new and important questions and which give serious question as to >> whether the proposed remediations are sufficient. To keep this short, and >> thereby allow Symantec a more rapid response: >> >> 1) Please provide the CP, CPS, and Audit Letter(s) used for each RA >> partner since the acquisition by Symantec of the VeriSign Trust Services >> business in 2010. >> > > Hi Steve, > > Have you had the opportunity to review and complete this? This is > hopefully a simple task for your compliance team, given the critical > necessity of maintaining of records, so I'm hoping that you can post within > the next business day. > Hi Steve, I think we would have expected this would be fairly easy to obtain, given the record keeping requirements and the fact that these were relationships pre-existing to the Symantec acquisition. Can you speak to more about why the delay, and when Symantec expects this information to be available? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy