Skip to content

Commit

Permalink
Explicitly state that we do pre-issuance linting (#232)
Browse files Browse the repository at this point in the history 
Update Section 4.3.1 to mention our pre-issuance linting, which is now
required by the BRs. Also rephrase Section 8.7 to mention our
post-issuance (rather than pre-issuance) linting, in line with what that
section of the BRs cares about.

Fixes #223
  • Loading branch information
@aarongable
aarongable authored Oct 18, 2024
1 parent 348c7e3 commit c9bafa0
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions CP-CPS.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -314,7 +314,7 @@ No stipulation.

### 4.3.1 CA actions during certificate issuance

At a high level, the following steps are taken during issuance of a Subscriber Certificate. ISRG's automated processes confirm that all names which will appear in the Common Name and/or list of SANs of the certificate have been properly validated to be controlled by the Subscriber requesting the certificate. The certificate is signed by a Subordinate CA in an HSM. After issuance is complete, the certificate is stored in a database and made available to the Subscriber.
At a high level, the following steps are taken during issuance of a Subscriber Certificate. ISRG's automated processes confirm that all names which will appear in the Common Name and/or list of SANs of the certificate have been properly validated to be controlled by the Subscriber requesting the certificate. The to-be-signed certificate is linted, then signed by a Subordinate CA in an HSM. After issuance is complete, the certificate is stored in a database and made available to the Subscriber.

### 4.3.2 Notification to subscriber by the CA of issuance of certificate

Expand Down Expand Up @@ -1197,10 +1197,7 @@ ISRG is not required to publicly disclose any audit finding that does not impact

## 8.7 Self-Audits

ISRG performs a quarterly internal audit of at least 3% of issuance since the last WebTrust audit period.
The sample is randomly selected. Results are saved and provided to auditors upon request.

In addition, ISRG conducts pre-issuance linting for all issuance.
ISRG performs a quarterly internal audit of at least a random 3% of issuance since the last WebTrust audit period. This audit includes linting of the selected certificates. Results are saved and provided to auditors upon request.

# 9. OTHER BUSINESS AND LEGAL MATTERS

Expand Down

0 comments on commit c9bafa0

Please sign in to comment.