See BR 1.5.2. CAs are already required to have contact information in their CPS.
-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+thollebeek=trustwave....@lists.mozilla.org] On Behalf Of David E. Ross via dev-security-policy
Sent: Tuesday, August 8, 2017 10:37 AM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: CA Problem Reporting Mechanisms

On 8/7/2017 8:09 PM, Jonathan Rudenberg wrote:
>
>> On May 17, 2017, at 07:24, Gervase Markham via dev-security-policy
>> <dev-security-policy@lists.mozilla.org> wrote:
>>
>> On 16/05/17 02:26, userwithuid wrote:
>>> After skimming the responses and checking a few CAs, I'm starting to
>>> wonder: Wouldn't it be easier to just add another mandatory field to
>>> the CCADB (e.g. "revocation contact"), requiring $URL or $EMAIL via
>>> policy and just use that to provide a public list?
>>
>> Well, such contacts are normally per CA rather than per root. I guess
>> we could add it on the CA's entry.
>
> I've been reporting a fair amount of misissuance this week, and the responses
> to the Problem Reporting question in the April CA communication leave a lot
> to be desired. Several CAs do not have any contact details at all, and others
> require filling forms with captchas.
>
> I think it'd be very useful if CAs were required to maintain a problem reporting
> email address and keep it current in the CCADB, this requirement could go in
> the Mozilla Root Store policy or the CCADB policy. If they want to also
> maintain other modes of contact, they can but no matter what an email address
> should be required.
>
> Jonathan
>

I think that a public point of contact for a certification authority was a requirement under Mozilla's policy. I cannot find such a requirement now unless the Baseline Requirements, which are included by reference in Mozilla's policy, require it.

--
David E. Ross
<http://scanmail.trustwave.com/?c=4062&d=m8yJ2Wj4I3PpA9lLssqYcKc5sstI-v_FHXaRoVKFig&s=5&u=http%3a%2f%2fwww%2erossde%2ecom%2f>

President Trump demands loyalty to himself from Republican members of Congress. I always thought that members of Congress -- House and Senate -- were required to be loyal to the people of the United States. In any case, they all swore an oath of office to be loyal to the Constitution.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy