(In reply to Rafa from comment #141)
> (In reply to Kathleen Wilson from comment #139)
> > Please see item #2 of
> > https://wiki.mozilla.org/CA:
> > Information_checklist#Verification_Policies_and_Practices
>
> Hi Kathleen,
>
> on this issue, item #2 says:
>
> "If you provide the information yourself (e.g., it is hosted on your own web
> site), please provide us with contact information for the auditor (or other
> third party)."
That is referring to the auditor's statement. If the auditor's statement is published or provided by the CA, then I do a separate process to contact the auditor to confirm the authenticity of the auditor's statement.
>
> So, if we publish at our web site a self-statement and we also provide the
> auditor's contact information, could be enough to meet Mozilla's
> requirements?
(In reply to Rafa from comment #141) /wiki.mozilla. org/CA: checklist# Verification_ Policies_ and_Practices
> (In reply to Kathleen Wilson from comment #139)
> > Please see item #2 of
> > https:/
> > Information_
>
> Hi Kathleen,
>
> on this issue, item #2 says:
>
> "If you provide the information yourself (e.g., it is hosted on your own web
> site), please provide us with contact information for the auditor (or other
> third party)."
That is referring to the auditor's statement. If the auditor's statement is published or provided by the CA, then I do a separate process to contact the auditor to confirm the authenticity of the auditor's statement.
>
> So, if we publish at our web site a self-statement and we also provide the
> auditor's contact information, could be enough to meet Mozilla's
> requirements?
No. A self-statement does not help. /www.mozilla. org/en- US/about/ governance/ policies/ security- group/certs/ policy/ inclusion/
We need audit statement(s) that meet the requirements of sections 11 through 14 of
https:/