I would like to suggest to add the clause "if legally allowed" at the end. I had some crazy discussions with colleagues in Russia and Québec about documents in English. Also it should be added that the audit information must be publicly available in the Internet. The whole sentence would be:
"The audit information MUST be publicly available in the Internet. An English version MUST be provided. The English version MUST be authoritative if legally possible under the jurisdiction of the CAs home country." With best regards, Rufus Buschart Siemens AG GS IT HR 7 4 Hugo-Junkers-Str. 9 90411 Nuernberg, Germany Tel.: +49 1522 2894134 mailto:rufus.busch...@siemens.com www.siemens.com/ingenuityforlife -----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+rufus.buschart=siemens....@lists.mozilla.org] On Behalf Of Tim Hollebeek via dev-security-policy Sent: Donnerstag, 5. April 2018 02:49 To: Ryan Hurst; mozilla-dev-security-pol...@lists.mozilla.org Subject: RE: Policy 2.6 Proposal: Require English Language Audit Reports Call me crazy, but for this particular requirement, I think simple sentences might be better. "The audit information MUST be publicly available. An English version MUST be provided. The English version MUST be authoritative." -Tim > -----Original Message----- > From: dev-security-policy [mailto:dev-security-policy- > bounces+tim.hollebeek=digicert....@lists.mozilla.org] On Behalf Of > bounces+Ryan > Hurst via dev-security-policy > Sent: Wednesday, April 4, 2018 7:19 PM > To: mozilla-dev-security-pol...@lists.mozilla.org > Subject: Re: Policy 2.6 Proposal: Require English Language Audit > Reports > > > > An authoritative English language version of the publicly-available > > audit information MUST be supplied by the Auditor. > > > > it would be helpful for auditors that issue report in languages > > other than English to confirm that this won't create any issues. > > That would address my concern. > _______________________________________________ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://clicktime.symantec.com/a/1/qGy7WL45gRate5ccNJV7plt7IjXPV-pd- > LTa9gPkQc8=?d=fgUiNjCpj8UK6ue4NShfzLGHGzkJWwPb3tOchiTvGntTxuK9bVX > 5aMMPzBijLrabsuGnsFF4O9QSQsBjPBTpEb0gpSmHGiantqc2OcSQ0D4jZ5aLA1u > eomyRD8-dNmIp4I87-T1G40WpIGyLEnm- > Z2ye83FoVpIrjeWcM6ujsgxkvPTYEEPgJJ5S8QA9fQctHsjXIyT8HT8j6vDTknG1enh > GZ_T_dA6JBbp81zJ4L1Ca2eX6aXcvz5BgcHvS6yotf6bd2EfLLWJKAZnR6o1yRxbzw > lGl0_7xHVJs8xbMEdUuaI4b4pcup6QbPJsW1UQHIPAR6GFsxCauMSz5EJ- > 5c38HJOLDPZLF5Tj0N6r- > JIozX3YVUyZqRdSb4iIILNv8LsXVCwyud6ALgaqx4PJwF_leqzOCmmHBoYDZqI9z0 > 932I7QTktLec_1ZHGSkFGA664AXspslouRvtqP4eZfikJgsBoxEO1G2a2tx6n5uwZle > -vFX&u=https%3A%2F%2Flists.mozilla.org%2Flistinfo%2Fdev-security-polic > y _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy