January 2020 CA Communication

ACTION 4: Ensure Audit Reports are Properly Formatted We have implemented automated audit letter validation (ALV) to process audit cases submitted to the CCADB. To improve the success rate of ALV, please ensure that your auditors comply with the following requirements in all future audit statements. This has been added to the CCADB Policy (section 5.1), and is especially important now that we have extended ALV to intermediate certificates.
  • Dates
    • Accepted date formats (month names in English):
      • Month DD, YYYY example: May 7, 2016
      • DD Month YYYY example: 7 May 2016
      • YYYY-MM-DD example: 2016-05-07
    • No extra text within the date, such as “7th” or “the”
  • SHA256 Thumbprint
    • No colons, no spaces, and no linefeeds
    • Uppercase letters
    • Should be encoded in the document (PDF) as “selectable” text, not an image
ACTION 4 COMMENTS

CA Owner Response Response
AC Camerfirma, S.A. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Actalis We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements In our current audit report, dates not follow the expected format(s) and SHA256 thumbprints have embedded spaces and linefeeds. We have requested our CAB to fix those details in future audit reports.
Amazon Trust Services We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Asseco Data Systems S.A. (previously Unizeto Certum) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements Our current audit reports do not follow the expected formats.We have made request to our auditors to follow expected formats in future audit reports.
Atos We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Autoridad de Certificacion Firmaprofesional We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Buypass We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Certisign Certificadora Digital We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
China Financial Certification Authority (CFCA) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Chunghwa Telecom We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
ComSign We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Cybertrust Japan / JCSI We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
D-TRUST We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
DarkMatter LLC We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Deutsche Telekom Security GmbH We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Dhimyotis / Certigna We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
DigiCert We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Disig, a.s. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
E-Tugra We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Entrust We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
GlobalSign nv-sa We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
GoDaddy We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Google Trust Services LLC We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Government of Hong Kong (SAR), Hongkong Post, Certizen We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Government of Taiwan, Government Root Certification Authority (GRCA) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Government of The Netherlands, PKIoverheid (Logius) Other (please describe below) The Webtrust management assertion and auditor's opinion for 2019 will comply with these requirements. For the ETSI audit statements issued by BSI for our TSPs we're currently working with BSI for these to be compliant. For future audits of PKIoverheid TSPs conducted by auditors previously not involved with PKIoverheid we will discuss these requirements to ensure continued compliance of PKIoverheid with ALV requirements.
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
HARICA We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
IdenTrust Services, LLC We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Internet Security Research Group We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Izenpe S.A. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Krajowa Izba Rozliczeniowa S.A. (KIR) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
LuxTrust We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Microsec Ltd. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements Our present audit reports already conform to these requirements.
Microsoft Corporation We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
NETLOCK Kft. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
OISTE We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
QuoVadis We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
SECOM Trust Systems CO., LTD. Other (please describe below) We plan to create and update the audit report that complies with the requirements at the next audit. All audit reports will be updated around September 2020.
SK ID Solutions AS We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
SSL.com We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Sectigo We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
SecureTrust We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Shanghai Electronic Certification Authority Co., Ltd. We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
SwissSign AG We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Swisscom (Switzerland) Ltd Other (please describe below) Swisscom Certificates are not in the root store any more. Nevertheless we received the "Mozilla CA Communication: Action requested by January 31, 2020" mail from Wayne. Was this an error or is there something additional Swisscom needs to do in order not to receive the root store communications?
Taiwan-CA Inc. (TWCA) We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Telia Company We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
TrustCor Systems We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Trustis We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
Web.com We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
certSIGN We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements
eMudhra Technologies Limited We understand and will ensure that all future audit reports submitted by our auditors conform to these requirements