Telia has supplied the point-in-time audit reports required to verify remediation of the audit issues that were described in this thread and in https://bugzilla.mozilla.org/show_bug.cgi?id=1475115
Links to the PiT reports: https://support.trust.telia.com/download/CA/Telia-WebTrust-for-CA-Report-2018-10-31.pdf https://support.trust.telia.com/download/CA/Telia-SSL-Baseline-Requirements-Report-2018-10-31.pdf Other than the qualification noted below for their existing root certificate, the PiT reports are clean, so I have resolved the incident bug. - Wayne On Thu, Sep 6, 2018 at 2:46 PM Wayne Thayer <wtha...@mozilla.com> wrote: > Telia has described their plans to remediate the qualifications listed in > their latest audit reports: > https://bugzilla.mozilla.org/show_bug.cgi?id=1475115#c13 > > In summary: > > * Telia is planning to obtain point-in-time audit reports to confirm that > the issues have been resolved. I have asked Telia to include specific > statements in their Management Assertions confirming that each > qualification has been fixed. > > * One of the qualifications concerns the contents of their root > certificates, so Telia is planning to replace them but will require > significant time to go through the root inclusion process before the > non-BR-compliant roots can be removed. Until that happens, we can expect to > see this qualification on their audit reports. > > * Finally, in regard to the improperly validated email address in > Subject:emailAddress, Telia stopped including this field in July, but plans > to let the existing certificates expire naturally. I would expect the > failure to revoke to be another qualification captured on Telia's next > period-of-time BR audit. > > - Wayne > > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy