On 7/16/19 12:25 PM, Kurt Roeckx wrote:
On Tue, Jul 16, 2019 at 12:12:57PM -0700, Kathleen Wilson via
dev-security-policy wrote:
Mozilla: Overdue Audit Statements
CA Owner: LuxTrust
<snip>
Standard Audit Period End Date: 2018-03-30
<snip>
For the overdue statements, I always see a comment, ussually
something like:
| ** Audit Case in the Common CA Database is under review for this root
| certificate.
But this root CA doesn't seem to have have any comment. Nor does this one:
Mozilla: Overdue Audit Statements
CA Owner: Asseco Data Systems S.A. (previously Unizeto Certum)
<snip>
Standard Audit Period End Date: 2018-03-26
<snip>
Will you open such audit cases? Is this just some timing problem
that the mails got sent before it could be opened?
Hi Kurt,
The comment "** Audit Case..." means that the CA has created an Audit
Case providing updated audits for those root certs, but those audit
statements have not yet reviewed/accepted by Mozilla.
https://ccadb.org/cas/updates
There was no commentary about LuxTrust and Asseco, because those CAs
have not yet submitted their Audit Case.
Thanks to you for the reminder, I have filed the following CA Compliance
bugs.
https://bugzilla.mozilla.org/show_bug.cgi?id=1566580
LuxTrust: Overdue Audit Statements 2019
https://bugzilla.mozilla.org/show_bug.cgi?id=1566586
Asseco/Certum: Overdue Audit Statements 2019
> I also miss things like the state in the intermediate summary you
> sent.
For intermediate certs, the CAs update the audit statements directly in
the corresponding record in the CCADB. I do not currently review those
audit statements, but I am working on adding Audit Letter Validation
(ALV) to intermediate certs.
By the way:
Mozilla: Audit Reminder
CA Owner: Swisscom (Switzerland) Ltd
Root Certificates:
Swisscom Root CA 2
Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8985611
Standard Audit Period End Date: 2018-03-31
CA Comments: null
I filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1566569
Remove Swisscom Root CA 2 root certificate
(per an email I had previously received from the CA)
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy