Re: Audit Reminder Email Summary
Thanks for pointing this out Kurt. The Certinomis / Docapost audit report is now almost one month late. Also, last week the Certinomis representative informed root programs that he was leaving his post and two others would be taking his place. I have just emailed the two new representatives and asked them to explain when we will see the audit report. I'm also concerned about their numerous compliance bugs. - Wayne On Tue, Nov 20, 2018 at 3:15 PM Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > On Tue, Oct 23, 2018 at 02:35:37PM -0700, Kathleen Wilson via > dev-security-policy wrote: > > > > Mozilla: Audit Reminder > > > > Root Certificates: > > > > Certinomis - Root CA > > > > Standard Audit: > > > > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > > Audit Statement Date: 2017-07-24 > > > > BR Audit: > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > > BR Audit Statement Date: 2017-07-24 > > > > CA Comments: null > > > > > > This seems to be in French, and does not seem to even indicate > > > when the audit was done, just that the report itself is valid for > > > 2 years. > > > > Our official requirement for the audit statements to be in English is > new in > > version 2.6 of our policy (effective date July 1, 2018). Also, last July > we > > were still having difficulty getting the ETSI auditors on board with > > specifying audit periods in their audit statements. > > So it seems nothing changed related to this in the last month, > they are clearly late in providing a new audit statement. > > > Kurt > > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminder Email Summary
On Tue, Oct 23, 2018 at 02:35:37PM -0700, Kathleen Wilson via dev-security-policy wrote: > > > Mozilla: Audit Reminder > > > Root Certificates: > > > Certinomis - Root CA > > > Standard Audit: > > > https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > Audit Statement Date: 2017-07-24 > > > BR Audit: https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 > > > BR Audit Statement Date: 2017-07-24 > > > CA Comments: null > > > > This seems to be in French, and does not seem to even indicate > > when the audit was done, just that the report itself is valid for > > 2 years. > > Our official requirement for the audit statements to be in English is new in > version 2.6 of our policy (effective date July 1, 2018). Also, last July we > were still having difficulty getting the ETSI auditors on board with > specifying audit periods in their audit statements. So it seems nothing changed related to this in the last month, they are clearly late in providing a new audit statement. Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminder Email Summary
Forwarded Message Subject: Summary of November 2018 Audit Reminder Emails Date: Tue, 20 Nov 2018 20:00:09 + (GMT) Mozilla: Audit Reminder Root Certificates: TrustCor RootCert CA-2 TrustCor RootCert CA-1 TrustCor ECA-1 Standard Audit: http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221175 Audit Statement Date: 2017-12-15 BR Audit: http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221176 BR Audit Statement Date: 2017-12-15 CA Comments: null Mozilla: Audit Reminder Root Certificates: EE Certification Centre Root CA Standard Audit: https://sk.ee/upload/files/AA2017112401_Audit%20Attestation_final.pdf Audit Statement Date: 2017-11-24 BR Audit: https://sk.ee/upload/files/AA2017112401_Audit%20Attestation_final.pdf BR Audit Statement Date: 2017-11-24 CA Comments: null Mozilla: Audit Reminder Root Certificates: Certinomis - Root CA Standard Audit: https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 Audit Statement Date: 2017-07-24 BR Audit: https://bug937589.bmoattachments.org/attachment.cgi?id=8898169 BR Audit Statement Date: 2017-07-24 CA Comments: null Mozilla: Audit Reminder Root Certificates: D-TRUST Root CA 3 2013** D-TRUST Root Class 3 CA 2 2009** D-TRUST Root Class 3 CA 2 EV 2009** ** Audit Case in the Common CA Database is under review for this root certificate. Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120703_Browser_Auidt_Attestation_s.pdf Audit Statement Date: 2017-12-07 Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120702_Browser_Audit_Attestation_s.pdf Audit Statement Date: 2017-12-07 Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120701_Browser_Audit_Atestation_s.pdf Audit Statement Date: 2017-12-07 BR Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120703_Browser_Auidt_Attestation_s.pdf BR Audit Statement Date: 2017-12-07 BR Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120702_Browser_Audit_Attestation_s.pdf BR Audit Statement Date: 2017-12-07 BR Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120701_Browser_Audit_Atestation_s.pdf BR Audit Statement Date: 2017-12-07 EV Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017120701_Browser_Audit_Atestation_s.pdf EV Audit Statement Date: 2017-12-07 CA Comments: null Mozilla: Audit Reminder Root Certificates: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 Standard Audit: https://bug1262809.bmoattachments.org/attachment.cgi?id=8937952 Audit Statement Date: 2017-12-08 BR Audit: https://bug1262809.bmoattachments.org/attachment.cgi?id=8937952 BR Audit Statement Date: 2017-12-08 CA Comments: null Mozilla: Audit Reminder Root Certificates: Microsec e-Szigno Root CA 2009 Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017121401_Browser_Audit_Attestation_s.pdf Audit Statement Date: 2017-12-14 BR Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017121402_Browser_Audit_Attestation_s.pdf BR Audit Statement Date: 2017-12-14 CA Comments: null Mozilla: Audit Reminder Root Certificates: Class 2 Primary CA Standard Audit: https://bug1297034.bmoattachments.org/attachment.cgi?id=8916590 Audit Statement Date: 2017-07-24 BR Audit: https://bug1297034.bmoattachments.org/attachment.cgi?id=8916590 BR Audit Statement Date: 2017-07-24 CA Comments: https://bugzilla.mozilla.org/show_bug.cgi?id=1465629 https://bugzilla.mozilla.org/attachment.cgi?id=9024032 Need CA to create Audit Case in CCADB Mozilla: Audit Reminder Root Certificates: SwissSign Gold CA - G2 Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017113001_Browser_Audit_Attestation_s.pdf Audit Statement Date: 2017-11-30 BR Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017113001_Browser_Audit_Attestation_s.pdf BR Audit Statement Date: 2017-11-30 EV Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2017113001_Browser_Audit_Attestation_s.pdf EV Audit Statement Date: 2017-11-30 CA Comments: null Mozilla: Audit Reminder Root Certificates: Secure Global CA SecureTrust CA XRamp Global Certification Authority Standard Audit: http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221135 Audit Statement Date: 2017-11-17 BR Audit: http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221136 BR Audit Statement Date: 2017-11-17 EV Audit: http://www.cpacanada.ca/GenericHandlers/AptifyAttachmentHandler.ashx?AttachmentID=221137 EV Audit Statement Date: 2017-11-17 CA Comments: null Mozilla: Audit Reminder Root Certificates: CFCA EV ROOT Standard Audit: