This is our reply for the GT system.

For GT: 

1, No SAN 
Status: 
No problem/Fixed
This problem was found and fixed in the pre-audit stage, but the test certificate is 
an old one, which has now been revoked.
As mentioned in the last reply, there was a Point in Time Pre-Issuance Readiness audit 
this April. Since this is a point in time audit, the auditor only evaluated the 
design effectiveness. In the next audit, the operating effectiveness for a 
period will be evaluated. 

2, MIME type 
Status: 
Fixed. 

3, OCSP signer certificate 
Status: 
Fixed. 
Using standards same as EV.

4, Root key generation ceremony. 
Status: 
No problem. 
Same as EV.

5, CRL number field in CRL downloaded from CRLDP 
Status: 
Fixed and updating

6, Issue related to oca2-SHA1 and oca2-SHA256 
Status: 
System down for update.

Leaders of CFCA take this matter very seriously and have started an investigation:
1, Duplicate certificates are not allowed in CFCA's CA system, and the CA system 
running now cannot perform this operation.
2, It happened 2 years ago in a system update from SHA1 to SHA256. (SHA256 OCA2 
has only issued several test certificates; taking down and upgrading this system 
will not affect end users.)
3, After internal evaluation we decided to start an upgrade/rebuild of the GT system, 
and meanwhile to revoke related certificates and stop issuing new certificates in the GT 
system.
4, According to 3, the GT system is not ready for this Inclusion request. I suggest 
that we process the GT/EV systems separately, and take the GT system out of this wave of 
Inclusion requests.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
