On 7/9/19 3:17 PM, Ryan Sleevi wrote:
On Tue, Jul 9, 2019 at 5:50 PM Kathleen Wilson via dev-security-policy
I propose that to handle this situation, the CA may enter the
subordinate CA's current audit statements and use the Public Comment
field to indicate that the new certificate will be included in the next
audit statements.
To support this, we have added the "Comments" column to these two reports:
https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAudits
https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAuditsCSV
Note that if the same policies do not apply to the new sub-CA, it has
seemed uncontroversial that some form of new audit is required. Is that
consistent with your understanding as well?
That is consistent with my understanding as well. I'll make a note to
look into this in regards to enforcement in the CCADB, and the above
listed reports should probably also be updated to show the CP/CPS data.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
