1. We've been required by our auditors in their WebTrust Principles and Criteria for Certification Authorities v2.0 & Extended Validation SSL v1.6 Qualified Audits Reports of a series of changes that we must make in our CP & CPS W4CA https://bugzilla.mozilla.org/attachment.cgi?id=8995928 WEV https://bugzilla.mozilla.org/attachment.cgi?id=8995931
2. 2018-07-14 -> Qualified Audit Report 2018-09-17 -> CPS & CP's new versions will be disclosed 6. The management of the versions and changes on the CPS & CP was incorrect under the auditor's criteria since Camerfirma has always considered that the CPS prevailed over the specific PCs and that the update of the CPS would be sufficient. Changes related to the self-assessment of at least 3% of the certificates issued are also incorporated. 7. We've worked on correcting these imbalances by incorporating the auditor's criteria into our procedures and the result will be the new versions that will be published 2018-09-17. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy