El martes, 26 de junio de 2018, 23:11:08 (UTC+2), Wayne Thayer escribió: > On Tue, Jun 26, 2018 at 1:53 PM Pedro Fuentes via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > > El martes, 26 de junio de 2018, 22:36:23 (UTC+2), Ryan Sleevi escribió: > > > > Hopefully the audit report will be just as boringly positive as usual... :) > > > > I'll come back then in a few weeks, once the audit process is over and we > > get the result. > > > > Thank you Pedro. My understanding, then, is that we will be placing this > inclusion request on hold until we receive the audit report covering the > period beginning on 9-May 2017.
Well, I'm afraid this is the only solution given the current situation, but being a solution, we are more than happy with it. I must say that this is not what we expected when the inclusion request was accepted in Bugzilla, because the audit requirements should be just met or not met, and I still have the feeling that the inclusion request was filed in accordance to the Mozilla Policy and the BR, on the dates the request was sent and processed, else we shouldn't have arrived to the public discussion phase. As per my understanding and according to our auditors, it also happened to us that the new illustrative reports weren't yet enforced on the dates we did the audits for GC, as per the publication dates of these illustrative reports, and it also happened that there were ulterior discussions in the forum about the need to consider unbroken audit periods in the Mozilla Policy, but because these discussions were ulterior, we couldn't be aware when the inclusion request was sent. Nevertheless, for us its always a chance to learn new things and the feedback received is always considered positive to improve our practices. And I also hope our case helps other CAs to understand better this new criteria. In summary, we're happy to do as requested and get the new Root hopefully accepted soon. Thanks for your support and time dedicated to our case. I'll come back when the new audit reports are ready. Best regards, Pedro _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
