Hi Pedro,
I think that the proposed language works with the scenario you present. In
other words, you have 455 days after your previous year's audit end date to
submit your self-assessment to the CCADB. This can be done in conjunction
with submitting your audit information in the CCADB using
All,
Here is a link to a GitHub comparison that shows all changes proposed to
the MRSP for version 2.9:
https://github.com/mozilla/pkipolicy/compare/e8a3f55ea7565bc72e9f9e9ab3e57c993fb0812d..342c5ab3172e3be4eca1b6e2bba6a61900e1c4f8
Alternatively, you can review the unmarked draft version 2.9
I got lost here "CA operators SHOULD submit the link to their
self-assessment at the same time as when they update their audit records
(within 455 calendar days after the CA operator's earliest appearing root
record's "BR Audit Period End Date" for the preceding audit period)."
Typically we'd
Thanks, Bruce,
It would be based on the significance of revisions and compliance dates
found in the Baseline Requirements and on when the template was updated and
approved by the participating root stores.
Ben
On Thu, Jul 27, 2023 at 9:13 AM 'Bruce Morton' via
dev-security-policy@mozilla.org
Looks good. There might be an issue with the version of the self-assessment
template as I don't think the CAs know when it will be updated. Is there a
schedule or is this random?
On Thursday, July 27, 2023 at 11:01:17 AM UTC-4 Ben Wilson wrote:
> Thanks again.
>
> How about this language?
>
>
Thanks again.
How about this language?
CA operators with CA certificates capable of issuing working TLS server
certificates MUST submit a link to their annual [Compliance
Self-Assessment](https://www.ccadb.org/cas/self-assessment) via the CCADB.
The initial annual self-assessment must be
Google policy states "The initial annual self assessment must be completed
and submitted to the CCADB within 90 calendar days from the CA owner's
earliest appearing root record “BR Audit Period End Date” that is after
December 31, 2022." You could use the same approach.
Note that for a CA to
Thanks, Bruce. If we took that approach, then the language in MRSP section
3.4 might read, "Effective January 1, 2024, CA operators with CA
certificates capable of issuing working TLS server certificates MUST submit
their [Compliance Self-Assessment](https://www.ccadb.org/cas/self-assessment)
at
Hi Ben,
It would be great to get your feedback on my proposal above as I would like
to put this into a human process which is kind of analog. The 365/366
proposal means we would need to do it, say every 330 days to ensure we stay
compliant. This would mean the schedule would continue to move