Closed Bug 1582596 Opened 2 years ago Closed 1 year ago

Ernst & Young Virginia: Audit issues

Categories

(NSS :: CA Certificate Compliance, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ryan.sleevi, Assigned: bwilson)

Details

(Whiteboard: [auditor-compliance])

Attachments

(2 files)

Ernst & Young Virginia issued a WebTrust for CAs Assessment Report to the Government Printing Office of the United States, as disclosed at https://www.oversight.gov/node/20242

The first public version of the report used the boiler plate language from the Illustrative Report, stating
"Subscriber information is properly authenticated (for the registration activities performed by ABC-CA); and"

The correct name of the CA within the report is GPO-CA. As such, the above statement provides no assurances about this specific Principle and Criteria for the activities for GPO-CA.

This was confirmed by the WebTrust Task Force as an oversight, and is being corrected. The original report is attached, as well as the information from https://www.oversight.gov/node/20243 , which names the auditors involved in the preparation and approval of this report.

Related past bugs: Bug 1525441, Bug 1525412, Bug 1525423, Bug 1525446, Bug 1525082

Wayne: I think you're just closing auditor bugs? I wasn't sure if Kathleen tracked these in CCADB.

Flags: needinfo?(kwilson)

(In reply to Ryan Sleevi from comment #2)

I wasn't sure if Kathleen tracked these in CCADB.

Added auditor comment in CCADB. Thanks!

Flags: needinfo?(kwilson)

(In reply to Ryan Sleevi from comment #2)

Wayne: I think you're just closing auditor bugs?

I've just been leaving them open, but closed if fine as well.

Whiteboard: [auditor compliance]
Whiteboard: [auditor compliance] → [auditor-compliance]
Assignee: wthayer → bwilson
QA Contact: wthayer → kwilson

Based on Comment #4 above, I am closing this bug.

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.