All,
Below for your review and comment is a draft CA Communication and Survey to
be sent next week via the CCADB to all CA operators in Mozilla's root store.
Thanks,
Ben
Mozilla CA Operator Survey - Respond By September 15, 2023Section 1:
The purpose of this communication and survey is to ensure
I do not feel this point it nitpicky. Externally-referenced documents
increase the compliance burden on CAs (and organizations, in general) and
introduce unnecessary complexity. Specifying a version is helpful, but we
will also need to ensure prior versions of policies are easily accessible
All,
The language decided upon for item 3 of MRSP section 1.1 (Scope of MRSP for
end entity certificates) is as follows:
end entity certificates that have at least one valid, unrevoked chain up to
such a CA certificate through intermediate certificates that are all in
scope and
- an EKU
All,
I don't believe we received any comments or questions, and the proposed
changes have been made to the draft version of MRSP v.2.9.
Therefore, I will assume that discussion of these issues can now be closed.
Thanks,
Ben
On Thu, Jul 13, 2023 at 2:23 PM Ben Wilson wrote:
> All,
>
> This email
All,
Here is the currently proposed language for the first paragraph of MRSP
section 5.3.2:
The operator of a CA certificate included in Mozilla’s root store MUST
publicly disclose in the CCADB all CA certificates it issues that chain up
to that CA certificate trusted in Mozilla’s root store that
All,
In response to Tim Hollebeek's recent email on this topic (
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/HJDtlQEfUsY/m/1t6s5G2rAgAJ),
I have added a reference to CCADB Policy version 1.2.3. Unless there are
additional comments, I am assuming that discussion on this topic
All,
Here are those changes as proposed in the previous email on this topic.
https://github.com/BenWilson-Mozilla/pkipolicy/commit/644a665c434e6df8a4ab57e19583508d3fa7fcbd.
The removed text can now be found here: