GoDaddy: inconsistent disclosure of externally-operated intermediate

The case involves GoDaddy's inconsistent disclosure regarding cross-certificates that were issued under different Certificate Policies/Certificate Practice Statements (CP/CPS). Initially, GoDaddy disclosed these certificates as being under their CP/CPS, despite the fact that the root certificate controlling them had been transferred to Amazon Trust Services. This led to confusion and concerns about compliance with Mozilla's incident reporting guidelines. GoDaddy has since acknowledged the issue and is working on updating their audit reports to reflect the correct disclosures.

1. 2019-07-18 GoDaddy disclosed intermediates operated under the same CP/CPS as parent.
2. 2019-07-27 GoDaddy acknowledged the inquiry and committed to a community response.
3. 2019-08-03 GoDaddy clarified the misunderstanding regarding the cross-certificates.
4. 2019-09-12 GoDaddy submitted updated audit reports for review.
5. 2020-01-23 The issue was deemed resolved from an audit perspective.