On 10/16/18 1:39 PM, Kurt Roeckx wrote:
On Tue, Oct 16, 2018 at 12:49:41PM -0700, Kathleen Wilson via
dev-security-policy wrote:
-------- Forwarded Message --------
Subject: Summary of October 2018 Audit Reminder Emails
Date: Tue, 16 Oct 2018 19:00:37 +0000 (GMT)
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit:
http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221203
Audit Statement Date: 2017-08-09
CA Comments: null
It covers the period of 2016-05-01 to 2017-04-30. They should have
a new audit report by now.
I filed the following Bugzilla Bug to remove this cert in the next batch
of root changes:
https://bugzilla.mozilla.org/show_bug.cgi?id=1501457
Reason for removal: No current audit statement for this root, and CA
failed to respond to the September 2018 CA Communication survey.
Mozilla: Audit Reminder
Root Certificates:
Certinomis - Root CA
Standard Audit:
https://bug937589.bmoattachments.org/attachment.cgi?id=8898169
Audit Statement Date: 2017-07-24
BR Audit: https://bug937589.bmoattachments.org/attachment.cgi?id=8898169
BR Audit Statement Date: 2017-07-24
CA Comments: null
This seems to be in French, and does not seem to even indicate
when the audit was done, just that the report itself is valid for
2 years.
Our official requirement for the audit statements to be in English is
new in version 2.6 of our policy (effective date July 1, 2018). Also,
last July we were still having difficulty getting the ETSI auditors on
board with specifying audit periods in their audit statements.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
