1458038 - DocuSign/Keynectis: Missing BR Self Assessment

Status: RESOLVED WONTFIX

(CA Program :: CA Certificate Compliance, task)

Description

[Wayne Thayer]

Action 5 of Mozilla's 2-17 CA Communication required CAs to perform a BR Self Assessment by January 31, 2018. DocuSign responded:

We don't understand if we need to fill in this BR self assessment for all CAs using one self assessment for all or if we need to one assessment per CA. In the second case, this will require a huge work on our side and we will need extra time to do it (around 3 months). In addition, do we have to fill such an assessment for CA that don't issue SSL server certificates even if they could do so (as they are already audited)? 

The deadline for completing the BR Self Assessment was extended to April 15 in the January 2018 CA Communication, and DocuSign responded:

We previously requested an extension and intend to deliver our BR Self Assessment prior to 15-April 2018. 

No BR Self Assessment has been received from DocuSign.

Please respond with the following:
1. A date in the near future when Mozilla will receive DocuSign's BR Self Assessment.
2. An explanation of why the deadline was missed and why Mozilla wasn't notified.
3. An explanation of the steps that have been or will be taken to prevent an issue of this sort from happening again in the future.

Comment 1

[Wayne Thayer]

This BR self-assessment also needs to be completed if the Certplus Class 2 Primary CA is to remain in the Mozilla program with the websites trust bit enabled until 2019 as requested in bug 1465629

Comment 2

[Wayne Thayer]

Resolving because Docusign/Keynectis will cease to be a member of the Mozilla program in July as a result of bug 1465629.