> Please do not modify data in the CCADB during this update. > There will be an "Under Construction" message on the CCADB home page, and I > will post another update here when the changes have been completed and > verified.
Hi Kathleen. Do you know when these changes are expected to be completed and verified? The "Under Construction" message is still on the CCADB home page and your message was posted well over 24 hours ago. "Please do not modify data in the CCADB during this update" is problematic, because https://www.ccadb.org/policy#4-intermediate-certificates requires CAs to modify certain data in the CCADB "within 24 hours for a security incident". I don't have a security incident to declare, but I do need to add some new intermediate certificates that were issued earlier today "within 7 days". ________________________________ From: [email protected] <[email protected]> on behalf of Kathleen Wilson <[email protected]> Sent: 14 September 2022 02:00 To: [email protected] <[email protected]> Subject: CCADB Update: "Add/Update Root Request” Case type CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. All, The CCADB is being updated to introduce a new Case type called “Add/Update Root Request”, which will replace the existing “CA Audit Update Request” and “CA Information Update Request (Non-Audit)” Case types. Please do not modify data in the CCADB during this update. There will be an "Under Construction" message on the CCADB home page, and I will post another update here when the changes have been completed and verified. In the "Add/Update Root Request<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1ttmeeqO6WxDWe_deDNsGUgDO_LpsvoduFNZeHHMw_f8%2Fedit%3Fusp%3Dsharing&data=05%7C01%7Crob%40sectigo.com%7C06c64ea370c347dffa3008da95ec875b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637987140370976603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=KzoFbFGAKHPGcawqq5m4FY2bmPu7bHFirBaheXCqUxQ%3D&reserved=0>" case we are also: 1. Adding a way for CAs to use this new case type to have new root certificate records created in the CCADB 2. Adding a tab called "ROOT INFORMATION", where CAs can provide key generation reports and information about the intended CA hierarchy. 3. Updating Root Certificate records to add more fields. 4. Updating Intermediate Certificate records to remap EKU to Derived Trust Bits. Our next project will be to revamp the workflow and UI for Root Inclusion Cases. The idea being that a CA will use the "Add/Update Root Request" case type to add records for their new root certificates, and maintain the corresponding policy documents and audit statements there. Separately, the CA can then create the requests for root stores to include those root certificates. This new workflow should: + Be much easier for CAs to use + Enable CAs to request inclusion in multiple root stores without having to provide the data multiple times + Reduce duplication of data in the CCADB, which currently results in outdated information in Cases – the root inclusion case (which can be open for multiple years) will refer to (not copy) the data in the CA Owner and relevant Root Certificate records. Thanks, Kathleen -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/7c1fd293-2197-4382-8e10-472d7d3e4222n%40mozilla.org<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2F7c1fd293-2197-4382-8e10-472d7d3e4222n%2540mozilla.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7C06c64ea370c347dffa3008da95ec875b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637987140370976603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YuhfgzuJ%2FxNg8YJtIVDXA4r7HpyCyj0L0iVttz1ED3M%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729CC3122B90478B1C8F13AAA499%40MW4PR17MB4729.namprd17.prod.outlook.com.
