The purpose of this email is to begin public discussion on an addition to section 2.4 of the Mozilla Root Store Policy. Issue #154 <https://github.com/mozilla/pkipolicy/issues/154> in GitHub proposes to require that management assertions (CA disclosures to auditors) provide written mention of all incidents occurring (or open) during the audit period.
Initial draft language can be found here: https://github.com/BenWilson-Mozilla/pkipolicy/commit/bc669d03ba3fb7cb48dc4492d4e8dd52bfd9a943 and here: https://github.com/BenWilson-Mozilla/pkipolicy/commit/5dec00e53b4c6361d85af7644660fe185fcf463d This issue is a companion to Issue 187 <https://github.com/mozilla/pkipolicy/issues/187> (Consider requiring audit reports to list all incidents that occurred during the audit period or clearly state that the auditor is not aware of any) Please provide your comments and suggestions in response to this email. Thanks, Ben _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy