Telia has described their plans to remediate the qualifications listed in
their latest audit reports:
https://bugzilla.mozilla.org/show_bug.cgi?id=1475115#c13

In summary:

* Telia is planning to obtain point-in-time audit reports to confirm that
the issues have been resolved. I have asked Telia to include specific
statements in their Management Assertions confirming that each
qualification has been fixed.

* One of the qualifications concerns the contents of their root
certificates, so Telia is planning to replace them but will require
significant time to go through the root inclusion process before the
non-BR-compliant roots can be removed. Until that happens, we can expect to
see this qualification on their audit reports.

* Finally, in regard to the improperly validated email address in
Subject:emailAddress, Telia stopped including this field in July, but plans
to let the existing certificates expire naturally. I would expect the
failure to revoke to be another qualification captured on Telia's next
period-of-time BR audit.

- Wayne

On Thu, Aug 23, 2018 at 4:34 AM pekka.lahtiharju--- via dev-security-policy
<[email protected]> wrote:

> Also curious what validation methods should be used for OU and E when
> Mozilla policy 2.2.1 is...
>
> "All information that is supplied by the certificate subscriber MUST be
> verified by using an independent source of information"
>
> ...and you say that no potentially inaccurate information is allowed to
> be put into certificates.
>
> Is it so that the only compatible option for a CA is to reject all E and
> almost all OU values?
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy
>