Hi Gerv, Those updates are referred basically to the format of the report in which Franck asked to include specific information such as the serial number, names, etc. according to your instructions. The report itself has not been changed (that´s forbidden).
Regarding the qualifications or findings, the majority of them were fixed at that time as the auditors explain in the section "other questions". There were only 2 pending, the BCP and the TSA, which have been finished and do not affect to the validation&issuance processes. I can provide responses to all those findings, as I did to the auditors, with evidences. Best regards Iñigo Barreira CEO StartCom CA Limited -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+inigo=startcomca....@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy Sent: lunes, 11 de septiembre de 2017 13:27 To: Franck Leroy <fr.le...@gmail.com>; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: StartCom cross-signs disclosed by Certinomis Hi Franck, On 03/08/17 08:59, Franck Leroy wrote: > On end of June the audit report form PwC was available but with still some minor issues. I asked StartCom to correct them. > > On July 14th the audit report and the policy were updated and published on StartCom website. The audit reports on StartCom's website <https://www.startcomca.com/policy> are dated at the end of June, and have significant qualifications. E.g.: https://www.startcomca.com/pwc-webtrust-ca-2017.pdf What updates to the audit reports were made on July 14th? Do you consider these audit reports sufficient to say the StartCom has passed these audits, despite the qualifications therein? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy