Good point Ryan. I've changed PITRA to "point-in-time audit" on this wiki page. There is also an open issue to fix the references to PITRAs in the Root Store Policy: https://github.com/mozilla/pkipolicy/issues/151
On Thu, Sep 13, 2018 at 1:28 PM Ryan Sleevi <r...@sleevi.com> wrote: > > > On Thu, Sep 13, 2018 at 3:26 PM Wayne Thayer via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> Visa recently delivered new qualified audit reports for their eCommerce >> Root that is included in the Mozilla program. I opened a bug [1] and >> requested an incident report from Visa. >> >> Visa was also the subject of a thread [2] earlier this year in which I >> stated that I would look into some of the concerns that were raised. I've >> done that and have compiled the following issues list: >> >> https://wiki.mozilla.org/CA:Visa_Issues >> >> While I have attempted to make this list as complete, accurate, and >> factual >> as possible, it may be updated as more information is received from Visa >> and the community. >> >> I would like to request that a representative from Visa engage in this >> discussion and provide responses to these issues. >> >> - Wayne >> >> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1485851 >> [2] >> >> https://groups.google.com/d/msg/mozilla.dev.security.policy/NNV3zvX43vE/ns8UUwp8BgAJ > > > Compared to the seriousness and scope of these issues, this is by far a > minor correction, and does not undermine any of the evaluation. However, as > a pedantic note, it's noted as "PITRA" while stating "Point in Time audit". > A point-in-time readiness assessment is for management's eyes only, while > the report provided is just a Point in time Audit. I think just deleting > the parenthetical PITRA is sufficient and just consistently used Point in > Time audit. > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
