On 2017-05-15 12:52, Gervase Markham wrote:
Symantec never received any formal audits from UniCredit; I am trying to get hold of the informal ones. Their participation in the GeoRoot program started in January 2012: https://crt.sh/?CN=UniCredit+Subordinate+External So both organizations had full issuance rights for the WebPKI for over 5 years with no audit oversight whatsoever. And when it was finally done, the audit of Aetna seems to show what sort of arrangements result from that. Also, am I right in thinking that Actalis has recently cross-signed UniCredit? https://crt.sh/?id=47081615
At least it's technically constrained. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy