Re: Audit Reminder Email Summary

Tue, 16 Jul 2019 13:22:41 -0700 

On 7/16/19 12:25 PM, Kurt Roeckx wrote:

On Tue, Jul 16, 2019 at 12:12:57PM -0700, Kathleen Wilson via 
dev-security-policy wrote:

Mozilla: Overdue Audit Statements
CA Owner: LuxTrust
<snip>
Standard Audit Period End Date: 2018-03-30
<snip>

For the overdue statements, I always see a comment, ussually
something like:
| ** Audit Case in the Common CA Database is under review for this root
| certificate.

But this root CA doesn't seem to have have any comment. Nor does this one:


Mozilla: Overdue Audit Statements
CA Owner: Asseco Data Systems S.A. (previously Unizeto Certum)
<snip>
Standard Audit Period End Date: 2018-03-26
<snip>


Will you open such audit cases? Is this just some timing problem
that the mails got sent before it could be opened?




Hi Kurt,
The comment "** Audit Case..." means that the CA has created an Audit Case providing updated audits for those root certs, but those audit statements have not yet reviewed/accepted by Mozilla. 

https://ccadb.org/cas/updates
There was no commentary about LuxTrust and Asseco, because those CAs have not yet submitted their Audit Case.
Thanks to you for the reminder, I have filed the following CA Compliance bugs. 

https://bugzilla.mozilla.org/show_bug.cgi?id=1566580
LuxTrust: Overdue Audit Statements 2019

https://bugzilla.mozilla.org/show_bug.cgi?id=1566586
Asseco/Certum: Overdue Audit Statements 2019


> I also miss things like the state in the intermediate summary you
> sent.
For intermediate certs, the CAs update the audit statements directly in the corresponding record in the CCADB. I do not currently review those audit statements, but I am working on adding Audit Letter Validation (ALV) to intermediate certs. 


By the way:

Mozilla: Audit Reminder
CA Owner: Swisscom (Switzerland) Ltd
Root Certificates:
    Swisscom Root CA 2
Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8985611
Standard Audit Period End Date: 2018-03-31
CA Comments: null 

I filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1566569
Remove Swisscom Root CA 2 root certificate
(per an email I had previously received from the CA)


Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to