Accountapprovers, antispam, confirm, emeritus
4,925
edits
Changes
Add note about late audits
==Issue Q: Symantec Audit Issues 2016 (December 2015 - November 2016)==
The Baseline Requirements section 8.6 says that CAs SHOULD provide audits within 90 days of the end of the audit period; this SHOULD was not followed by Symantec for both the 2014/15 and 2015/16 audit cycles. However, Symantec is not the only CA which regularly supplies its audits late.
Symantec's 2016 audit reports can be found in their [https://www.symantec.com/about/legal/repository.jsp?tab=Tab3 legal repository]. Symantec's standard audit period is from December 1st to November 31st. However, for 2016, they have split the audits into two roughly six-month periods, and had separate audit opinions issued for each.
===Symantec Response===
Each of the documents contains, in a following table, Symantec's comments on the qualifications and what they have done or are doing to remedy them.
==Issue R: Insecure Issuance API (2013 or earlier - November 2016)==
