(Add Issue Q) |
(Add note about late audits) |
Line 144: | Line 144: | ||
==Issue Q: Symantec Audit Issues 2016 (December 2015 - November 2016)== | ==Issue Q: Symantec Audit Issues 2016 (December 2015 - November 2016)== | ||
The Baseline Requirements section 8.6 says that CAs SHOULD provide audits within 90 days of the end of the audit period; this SHOULD was not followed by Symantec for both the 2014/15 and 2015/16 audit cycles. However, Symantec is not the only CA which regularly supplies its audits late. | |||
Symantec's 2016 audit reports can be found in their [https://www.symantec.com/about/legal/repository.jsp?tab=Tab3 legal repository]. Symantec's standard audit period is from December 1st to November 31st. However, for 2016, they have split the audits into two roughly six-month periods, and had separate audit opinions issued for each. | Symantec's 2016 audit reports can be found in their [https://www.symantec.com/about/legal/repository.jsp?tab=Tab3 legal repository]. Symantec's standard audit period is from December 1st to November 31st. However, for 2016, they have split the audits into two roughly six-month periods, and had separate audit opinions issued for each. | ||
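Review bot: The added paragraph at the top of Issue Q says the 90-day SHOULD in Baseline Requirements section 8.6 was missed for both the 2014/15 and 2015/16 audit cycles, but it gives neither the end date of each audit period nor the date each report was provided, so a reader cannot check how late the audits were. Suggest adding those dates, or a link to the reports for each cycle, and a reference for the closing sentence that Symantec "is not the only CA which regularly supplies its audits late", since that comparison currently stands unsupported. Separately, the unchanged context paragraph that follows gives the standard audit period as running to "November 31st", a date that does not exist; it would be worth correcting in the same edit.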
Line 153: | Line 155: | ||
===Symantec Response=== | ===Symantec Response=== | ||
Each of the documents contains, in a following table, Symantec's comments on the qualifications and what they have done or are doing to remedy them. | Each of the documents contains, in a following table, Symantec's comments on the qualifications and what they have done or are doing to remedy them. | ||
==Issue R: Insecure Issuance API (2013 or earlier - November 2016)== | ==Issue R: Insecure Issuance API (2013 or earlier - November 2016)== |