On Tue, Apr 11, 2017 at 6:21 AM, Gervase Markham via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> Hi Ryan, > > On 10/04/17 17:20, Ryan Sleevi wrote: > > 1) You stated that this partner program applies to non-TLS certificates. > > The audit for both STN and for the RAs fails to make this distinction. > For > > example, audits are listed related to the issuance of of TLS > certificates. > > The audits linked to from the wiki page relating to E-Sign and MSC > TrustGate don't seem to have any mention of TLS certificates. Can you > explain which audits you are referring to above that do mention them? > The audits mention the CP/CPS has been evaluated as part of the scope of the audit. The CP/CPS mentions the issuance of TLS certificates as part of the hierarchy. For example, "E-Sign provides its services in accordance with its Certificate Policy and Certification Practices Statement" _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy