Confirmed users, Administrators
5,526
edits
CA/BR Audit Guidance: Difference between revisions
m
→Audit Mistakes
m (→Audit Mistakes) |
|||
| Line 79: | Line 79: | ||
In the situation where a root certificate '''is in production and has issued certificates to customers''' before the CA knew about the BRs, an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with, the number of BRs the CA did not previously comply with, and the quantity of such certificates issued. Depending on the situation, the CA may be asked to create a new root certificate for inclusion. Therefore, the CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | In the situation where a root certificate '''is in production and has issued certificates to customers''' before the CA knew about the BRs, an untold number of the previously issued certificates might not conform to the BRs. This could be serious, depending on which BRs the CA did not previously comply with, the number of BRs the CA did not previously comply with, and the quantity of such certificates issued. Depending on the situation, the CA may be asked to create a new root certificate for inclusion. Therefore, the CA and/or auditor shall provide a list of the BRs that the previously issued certificates did not comply with. | ||
== Auditor Qualifications == | |||
Auditor Qualifications are described in | |||
* Section 17.6 of the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements] | |||
* Items 13 and 14 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy] | |||
== Audit Mistakes == | == Audit Mistakes == | ||