CA/Visa Issues: Difference between revisions

Kathleen Wilson moved page CA:Visa Issues to CA/Visa Issues: Moved from CA: to CA/
(2 intermediate revisions by one other user not shown)
Line 4: Line 4:


==Issue A: Missing Baseline Requirements Audits (2014 - March 2016)==
==Issue A: Missing Baseline Requirements Audits (2014 - March 2016)==
Visa received an initial point-in-time Baseline Requirements audit (PITRA) on March 31, 2016 [https://bugzilla.mozilla.org/attachment.cgi?id=8795503 [1]]. This was more than two years past Mozilla’s deadline for BR compliance: “CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014.” [https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy [2]]
Visa received an initial point-in-time Baseline Requirements audit on March 31, 2016 [https://bugzilla.mozilla.org/attachment.cgi?id=8795503 [1]]. This was more than two years past Mozilla’s deadline for BR compliance: “CAs with a root certificate that has the websites (SSL/TLS) trust bit enabled in Mozilla's CA Certificate Program shall have their SSL certificate issuance and operations audited according to the Baseline Requirements between February 15, 2013, and February 15, 2014.” [https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy [2]]


==Issue B. Qualified Audits (2016 - Present)==
==Issue B. Qualified Audits (2016 - Present)==
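Review bot: The context heading "Issue B. Qualified Audits (2016 - Present)" uses a period after the issue letter, while "Issue A:" above it and the Issue G and Issue H headings use a colon. Changing it to "Issue B: Qualified Audits (2016 - Present)" in the same edit would keep the section headings uniform.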
Line 80: Line 80:


==Issue G: Internal Names in Certificates (2016)==
==Issue G: Internal Names in Certificates (2016)==
In bug 1391087 [https://bugzilla.mozilla.org/show_bug.cgi?id=1391087 [13]], Visa was found to have issued two certificates [https://misissued.com/batch/8/ [14]] containing internal names that were not revoked by the BR deadline of October 1, 2016. In the bug, Visa stated that they completed their initial BR audit in September 2016 when the BR PITR report was issued, but one of these certificates was issued after the BR PITRA audit date of March 31, 2016. In this bug, Visa declined repeated requests to provide a list of additional misissued certificates that were identified during their internal investigation.
In bug 1391087 [https://bugzilla.mozilla.org/show_bug.cgi?id=1391087 [13]], Visa was found to have issued two certificates [https://misissued.com/batch/8/ [14]] containing internal names that were not revoked by the BR deadline of October 1, 2016. In the bug, Visa stated that they completed their initial BR audit in September 2016 when the BR point-in-time audit report was issued, but one of these certificates was issued after the BR point-in-time audit date of March 31, 2016. In this bug, Visa declined repeated requests to provide a list of additional misissued certificates that were identified during their internal investigation.


==Issue H: Failure to Respond to Problem Reports Within 24 Hours (2017)==
==Issue H: Failure to Respond to Problem Reports Within 24 Hours (2017)==
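Review bot: The expanded term in the revised Issue G paragraph reads "BR point-in-time audit", whereas the revised Issue A paragraph reads "point-in-time Baseline Requirements audit"; use one word order and one form of "BR" / "Baseline Requirements" in both. The sentence would also be easier to follow if it stated outright that March 31, 2016 is the audit date and September 2016 is when the report was issued, since the contrast introduced by "but" depends on that distinction.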