Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-28 Thread Pedro Fuentes
Hello. OK. I see your point. I was thinking of the end date of the audit report that was uploaded. Chrome's approach is to count 90 days after that, so typically we open the audit case and then, within those 90 days, we send the self-assessment. But I guess the result is the same. Txs El

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread Ben Wilson
Hi Pedro, I think that the proposed language works with the scenario you present. In other words, you have 455 days after your previous year's audit end date to submit your self assessment to the CCADB. This can be done in conjunction with submitting your audit information in the CCADB using

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread Pedro Fuentes
I got lost here "CA operators SHOULD submit the link to their self-assessment at the same time as when they update their audit records (within 455 calendar days after the CA operator's earliest appearing root record's "BR Audit Period End Date" for the preceding audit period)." Typically we'd

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread Ben Wilson
Thanks, Bruce, It would be based on the significance of revisions and compliance dates found in the Baseline Requirements and on when the template was updated and approved by the participating root stores. Ben On Thu, Jul 27, 2023 at 9:13 AM 'Bruce Morton' via dev-security-policy@mozilla.org

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread 'Bruce Morton' via dev-security-policy@mozilla.org
Looks good. There might be an issue with the version of the self-assessment template as I don't think the CAs know when it will be updated. Is there a schedule or is this random? On Thursday, July 27, 2023 at 11:01:17 AM UTC-4 Ben Wilson wrote: > Thanks again. > > How about this language? > >

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread Ben Wilson
Thanks again. How about this language? CA operators with CA certificates capable of issuing working TLS server certificates MUST submit a link to their annual [Compliance Self-Assessment](https://www.ccadb.org/cas/self-assessment) via the CCADB. The initial annual self-assessment must be

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread 'Bruce Morton' via dev-security-policy@mozilla.org
Google policy states "The initial annual self assessment must be completed and submitted to the CCADB within 90 calendar days from the CA owner's earliest appearing root record “BR Audit Period End Date” that is after December 31, 2022." You could use the same approach. Note, that for a CA to

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread Ben Wilson
Thanks, Bruce. If we took that approach, then the language in MRSP section 3.4 might read, "Effective January 1, 2024, CA operators with CA certificates capable of issuing working TLS server certificates MUST submit their [Compliance Self-Assessment](https://www.ccadb.org/cas/self-assessment) at

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-27 Thread 'Bruce Morton' via dev-security-policy@mozilla.org
Hi Ben, It would be great to get your feedback on my proposal above as I would like to put this into a human process which is kind of analog. The 365/366 proposal means we would need to do it, say every 330 days to ensure we stay compliant. This would mean the schedule would continue to move

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-26 Thread Ben Wilson
And, for section 3.3 (CPs and CPSes), I am thinking that the same change should be made from 365 to 366 days, and that item 4 would read, "all CPs, CPSes, and combined CP/CPSes MUST be reviewed and updated as necessary at least once every 366 days." Ben On Wed, Jul 26, 2023 at 3:35 PM Ben Wilson

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-07-26 Thread Ben Wilson
All, For submission of self-assessments, what do people think about "at least every 366 days" instead of the original proposal of 365 days? That gives flexibility for leap years. Ben On Thu, Jun 29, 2023 at 9:48 PM Antti Backman wrote: > I concur with Bruce's concern, > > Albeit not directly

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-06-29 Thread Antti Backman
I concur with Bruce's concern. Albeit not directly concerning this discussion, we already have this issue in our hands: https://www.chromium.org/Home/chromium-security/root-ca-policy/#6-annual-self-assessments But yes, this will be a moving target. I would propose that this could be tight

Re: MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-06-29 Thread 'Bruce Morton' via dev-security-policy@mozilla.org
The issue I have with "at least every 365 days" is that I like to put something on the schedule and do it the same month every year. We do this with our annual compliance audit. If we have to provide the self-assessment at least every 365 days, then each year it will be earlier to provide some

MRSP 2.9: Issue #123: Annual Compliance Self-Assessment

2023-06-23 Thread Ben Wilson
All, Historically, Mozilla has required that CAs perform an annual Self-Assessment of their compliance with the CA/Browser Forum's TLS Baseline Requirements and Mozilla's Root Store Policy (MRSP). See https://wiki.mozilla.org/CA/Compliance_Self-Assessment. While there has not been any