Changes

Jump to: navigation, search

CA/Symantec Issues

83 bytes added, 11:08, 3 April 2017
Replace accidentally-deleted URL
Symantec's RAs appear to have had a history of poor compliance with the BRs and other audit requirements, facts which were known to Symantec but not disclosed to Mozilla or dealt with in appropriately comprehensive ways.
Over multiple years ([https://www.symantec.com/content/en/us/about/media/repository/symantec-webtrust-audit-report.pdf 2013-12-01 to 2014-11-30], [n https://www.symantec.com/content/en/us/about/media/repository/GeoTrust-WTBR-2015.pdf 2014-12-01 to 2015-11-30]), Symantec's "GeoTrust" audits were qualified to say that they did not have proper audit information for some of these RAs. This information was in their management assertions, and repeated in the audit findings. So the poor audit situation was ongoing and known. Also, other audit reports, despite being in hierarchies accessible for issuance by the same RAs, did not have similar qualifications ([https://www.symantec.com/content/en/us/about/media/repository/Symantec-STN-WTCA-2015.pdf Symantec Trust Network, 2014-12-01 to 2015-11-30]).
We currently know of four RAs who were in Symantec's program - CrossCert, Certisign, Certsuperior, and Certisur.
Accountapprovers, antispam, confirm, emeritus
4,925
edits

Navigation menu