Please ignore this email thread.
In order for folks to debug the problem of posts to mozilla.dev.security.policy
not getting propagated to Google Groups, they need email headers that are less
than 8 days old.
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1412993
Thanks,
Kathleen
On Wednesday, November 29, 2017 at 1:39:54 PM UTC-8, Kathleen Wilson wrote:
> Please ignore this email thread.
>
> In order for folks to debug the problem of posts to
> mozilla.dev.security.policy not getting propagated to Google Groups, they
> need email headers that are less than 8 days old.
All,
I am pleased to announce that Wayne Thayer is now a Mozilla employee,
and will be working with me on our CA Program!
Many of you know Wayne from his involvement in this discussion forum and
in the CA/Browser Forum, as a representative for the Go Daddy CA. Wayne
was involved in Go
On 11/6/17 3:40 AM, Ben Laurie wrote:
Since CT is not (yet) compulsory, it seems you probably have to contact all
CAs, doesn't it?
To close the loop on this...
I have added the following to the draft of the November 2017 CA
Communication.
~~
ACTION 8: Check for issuance of TLS/SSL
On 11/10/17 1:44 PM, Ben Wilson wrote:
In the spirit of full transparency and in attempt to comply to the extent we
can with Mozilla policy, on Thursday, Nov. 2, we created several sub CAs
under two new "transition" roots (yet to be submitted as roots). These sub
CAs haven't been uploaded yet
On 11/13/17 7:22 PM, Jakob Bohm wrote:
Wouldn't the .tg incident be equally relevant for the e-mail trust bit?
(In which case the first 3 options should say TLS/SSL/e-mail)
Good point. To make it easier, I removed "TLS/SSL", and changed text to
"certificates containing .tg domains".
On 11/14/17 4:34 AM, douglas.beat...@gmail.com wrote:
Do we believe that this issue has been resolved by the Registry and issuance an
resume as normal, or are there ongoing concerns which CAs should be aware of
when issuing certificates to .tg domains?
Based on information from folks that
Note to CAs: The indicator that an Audit Case is under review for
particular root certs will only be added if there has been a
corresponding Audit Root Case created for that particular root cert. If
you have only created the Audit Case (and not the Audit Root Cases),
that will not be indicated
Hi Everyone,
If any of you use Salesforce for something other than CCADB, then I will
greatly appreciate it if you will Upvote for the following Salesforce
feature request for password authentication for SMTP Relaying:
https://success.salesforce.com/ideaView?id=08730006wu7AAA
We are
This hasn't shown up in Google Groups for me yet, so please see the
message below from Jeremy.
Note that there is a bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=1412993) and a Google
support ticket open for this problem of messages that are posted via
Google Groups not showing up in
On 11/13/17 1:52 PM, Kathleen Wilson wrote:
Link to November 2017 CA Communication on wiki page:
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
Thank you to everyone who has been looking into the .tg Registry problem
and providing valuable information. I greatly appreciate all of your
efforts!
I have updated the related action item in the November CA Communication
to reflect the dates that we believe the .tg Registry was having
On 11/16/17 10:04 AM, Kathleen Wilson wrote:
On 11/13/17 1:52 PM, Kathleen Wilson wrote:
Link to November 2017 CA Communication on wiki page:
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
All,
I have updated the draft of the November 2017 CA Communication as follows:
- Postponed the response deadline to December 15.
- Removed the CT item (that will be handled separately, later)
- Added an action item (#4) about full period-of-time audits with no
gaps. (resulted in a slight
It has been suggested that I need to communicate to CAs that there will
be consequences if their audit statements do not meet Mozilla’s
requirements, so how about if I add the following to the November CA
Communication?
~~
As stated in Mozilla’s April 2017 CA Communication[1] and Mozilla’s
On 11/1/17 12:22 PM, westmai...@gmail.com wrote:
Hello,
Why you're removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)?
If I understand correctly, at the time of the public discussion for new root
certificates SSL.com (RA Comodo) Mozilla concealed information about the
acquisition of SSL
On 11/9/17 5:58 AM, cbonn...@trustwave.com wrote:
Hello all,
I was cross-referencing data contained in the "Included CAs" spreadsheet
(https://wiki.mozilla.org/CA/Included_CAs) and the "Included CA Certificates" spreadsheet
(https://wiki.mozilla.org/CA/Included_Certificates) and discovered
All,
Mozilla's Bugzilla system was updated a couple of days ago, and now the
Bugzilla/wiki integration is not working very well. So you will notice some
changes in the following wiki pages:
https://wiki.mozilla.org/CA/Incident_Dashboard
https://wiki.mozilla.org/CA/Dashboard
I have
All,
I will greatly appreciate your thoughtful and constructive feedback on the
DRAFT of Mozilla's next CA Communication, which I am hoping to send in early
November.
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
On Monday, October 30, 2017 at 2:59:31 PM UTC-7, Ryan Sleevi wrote:
>
> I would expect that it would be incumbent on the CABs and the CAs providing
> EN 319 411-1 certificates to help the community better understand the level
> of assurance provided. That is, I think those supporting the
On Monday, October 30, 2017 at 5:17:38 PM UTC-7, Kathleen Wilson wrote:
> On Saturday, October 28, 2017 at 5:07:51 PM UTC-7, Kathleen Wilson wrote:
> > All,
> >
> > Mozilla's Bugzilla system was updated a couple of days ago, and now the
> > Bugzilla/wiki integration is not working very well. So
Thank you, Dimitris, for sharing input from your auditor.
> Long story short, as an accredited CAB, we _definitely_ must check
> historical data over the period since previous audit. This requirement
> is clearly included in Section 7.9 of ETSI EN 319 403
>
On 10/31/17 2:57 PM, Dimitris Zacharopoulos wrote:
[NS]: If all ETSI reports delivered to Root Programs had clear
indication regarding the “audit period” and the type of the audit (i.e.
full), probably this discussion would not be raised at all?
Correct.
For example, in all our
Re-posting the message below, because it appears that this message did
not get propagated to groups.google.com.
I have filed a bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1412993 -
mozilla.dev.security.policy posts not getting propagated to Google Groups
-Original Message-
On Monday, October 30, 2017 at 5:02:08 PM UTC-7, Buschart, Rufus wrote:
> Our ETSI audit report
> (https://www.siemens.com/corp/pool/pki/siemens_etsi.pdf) states:
>
> > An audit of the certification service, documented in a report, provided
> > evidence that the requirements of the following
>
On Saturday, October 28, 2017 at 5:07:51 PM UTC-7, Kathleen Wilson wrote:
> All,
>
> Mozilla's Bugzilla system was updated a couple of days ago, and now the
> Bugzilla/wiki integration is not working very well. So you will notice some
> changes in the following wiki pages:
>
>
Forwarded Message
Subject: Summary of May 2018 Audit Reminder Emails
Date: Tue, 15 May 2018 19:00:06 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
GDCA TrustAUTH R5 ROOT**
** Audit Case in the Common CA Database is under review for this root
certificate.
All,
We will begin the CCADB migration to the new PEM-extraction tool today,
and expect to be done by Friday. It will take a couple days to make all
the changes, re-run the PEM-extraction over all of the data, update
reports, etc.
The CCADB and reports will continue to be available during
Most of the PEM data in the CCADB has been updated using the new tool.
There are 5 records (listed below) that the new tool fails to do the PEM
extraction for, so I am updating their PEM data manually.
Suva Root CA 1 Intermediate Certificate (Revoked)
Forwarded Message
Subject: Summary of June 2018 Audit Reminder Emails
Date: Tue, 19 Jun 2018 19:00:17 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
Atos TrustedRoot 2011
Standard Audit:
All,
We are working towards updating the tool that we use in the CCADB to
parse PEM data and fill in the corresponding fields in the CCADB. The
new tool is in the TLS Observatory:
https://github.com/mozilla/tls-observatory
Example:
curl
I would like to replace the old "Certificate ID" field with the
following two fields, because they are useful in different situations,
and the new field names are clear about what the values are.
SPKI SHA256
Subject + SPKI SHA256
Also, I am seeing differences in the following fields for a
On Wednesday, October 25, 2017 at 2:05:33 PM UTC-7, Andrew Ayer wrote:
> Hi Kathleen,
>
> I suggest being explicit about which CAA errata Mozilla allows.
>
> For CNAME, it's erratum 5065.
>
> For DNAME, it's erratum 5097.
>
> Link to errata:
All,
I would like to thank Aaron Wu for all of his help on our CA Program,
and am sorry to say that his last day at Mozilla will be January 12. I
have appreciated all of Aaron’s work, and it has been a pleasure to work
with him.
I will be re-assigning all of the root inclusion/update
Is the same process used for existing CAs that need to add a new root and new
CAs applying for the first time?
Yes.
From
https://wiki.mozilla.org/CA/Application_Process#Process_Overview
""
The same process is used to request:
- Root certificate inclusion for all CAs, even if the CA already
On 1/10/18 10:52 AM, Doug Beattie wrote:
Thanks Kathleen. I only asked because you are trying to reduce the manpower for
processing applications, and if a CA was already in the program there might not be a need
to do as much. But on the other hand, this forces us to all comply with those
All,
I propose adding Wayne Thayer as a peer[1] of Mozilla's CA Certificates
Module[2] and CA Certificate Policy Module[3]. As you know, Wayne and I
are distributing the job of running Mozilla's CA Program between us, so
he will be actively working on both of these Modules.
Thanks,
Kathleen
On 1/4/18 3:53 AM, Kurt Roeckx wrote:
On 2018-01-04 01:36, Kathleen Wilson wrote:
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit: https://cert.webtrust.org/SealFile?seal=2120=pdf
Audit Statement Date: 2016-09-15
CA Comments: null
The audit period of
On 1/9/18 4:23 PM, Kathleen Wilson wrote:
I will be re-assigning all of the root inclusion/update Bugzilla Bugs
back to me,
Done
and I will take back responsibility for the high-level
verification of the CA-provided data for root inclusion/update requests.
I hope to begin work on this
Just FYI that two new public reports are now available via the
https://wiki.mozilla.org/CA/Included_CAs wiki page. One for Problem
Reporting Mechanisms, and one for CAA identifiers.
Here's the direct links to the new reports:
On 11/15/17 1:48 PM, Kathleen Wilson wrote:
All,
The following report lists data for all root and intermediate cert
records in the CCADB.
https://ccadb-public.secure.force.com/mozilla/AllCertificateRecordsCSVFormat
A link to this report is here:
http://ccadb.org/resources
Cheers,
All,
I am tracking the date that I received a BR Self Assessment from each CA
here:
https://docs.google.com/spreadsheets/d/1Lmdkl3gTpKyBgZwL_6j5ivClBXiGMUnZyAVJDTHtjO4/edit?usp=sharing
The purpose of this exercise is to ensure that every CA in our program
is fully aware and complying with
On 1/30/18 6:19 AM, Gervase Markham wrote:
On 30/01/18 00:48, James Burton wrote:
I was doing research on the ccadb.org site and was surprised to find that
the site is running only in HTTP and is not using HTTPS. Now, I understand
that GitHub pages don't support HTTPS for custom domains but you
On 2/7/18 11:41 AM, Kathleen Wilson wrote:
All,
At 6pm PST on Thursday, February 8th, we will begin the migration of
ccadb.org to https.
It is possible that during this migration users may receive errors when
trying to access the ccadb.org site.
All,
Something went wrong, so the changes
All,
I have had the tremendous opportunity to work with Gerv Markham on the
CA Program for many years, and am extremely grateful to Gerv for his
countless valuable and lasting contributions to the CA world.
Gerv has decided to step away from work at this time, to focus on his
family[1]. We
Summary of audit statements that are due:
Forwarded Message
Subject: Summary of February 2018 Audit Reminder Emails
Date: Tue, 20 Feb 2018 20:00:05 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
ISRG Root X1
Standard Audit:
All,
I have begun receiving questions about the Audit Letter Validation (ALV)
results in CCADB Audit Cases, so here is some information about it.
CAs and Root Store Operators who are logged into the CCADB will find in
the Audit Case page a button called "Audit Letter Validation (ALV)". You
On 2/15/18 10:24 AM, Kathleen Wilson wrote:
All,
I have begun receiving questions about the Audit Letter Validation (ALV)
results in CCADB Audit Cases, so here is some information about it.
ALV looks for the things listed in Mozilla's and Microsoft's root store
policies...
Mozilla's
Wishing all of you a happy 2018!
Below is the summary of the audit reminder email that was automatically
sent by the CCADB in December.
PS: I am back at work as of today, but I will appreciate your patience
while to catch up on my email inbox. If there is anything urgent, you
might want to
Dear Fellow Mozillians,
It is with deep sorrow that we share the news that our friend and
colleague, Gerv Markham, passed away on July 27, 2018. Along with the
many others whom he worked alongside over his time at Mozilla, we will
remember Gerv as caring, honest, inquisitive, opinionated,
All,
In their effort to better protect WebTrust seals, CPA Canada has made it
so we can no longer access WebTrust pdf files directly from the CCADB.
I received the following response when inquiring about this.
“”
Thank you for contacting Chartered Professional Accountants of Canada.
You can
Forwarded Message
Subject: Summary of August 2018 Audit Reminder Emails
Date: Tue, 21 Aug 2018 19:00:10 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit: https://cert.webtrust.org/SealFile?seal=2333=pdf
Audit Statement Date:
Forwarded Message
Subject: Summary of July 2018 Audit Reminder Emails
Date: Tue, 17 Jul 2018 19:00:10 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
LuxTrust Global Root 2
Standard Audit:
On 1/16/18 2:03 PM, Kathleen Wilson wrote:
All,
I propose adding Wayne Thayer as a peer[1] of Mozilla's CA Certificates
Module[2] and CA Certificate Policy Module[3]. As you know, Wayne and I
are distributing the job of running Mozilla's CA Program between us, so
he will be actively working
On 2/9/18 7:52 AM, Kathleen Wilson wrote:
On 2/7/18 11:41 AM, Kathleen Wilson wrote:
All,
At 6pm PST on Thursday, February 8th, we will begin the migration of
ccadb.org to https.
It is possible that during this migration users may receive errors
when trying to access the ccadb.org site.
As I didn't write the blog post, I certainly can't speak to the
intent
The intent of the blog post was to let folks know about an error they
may encounter when Firefox 60 goes into Beta. And to have a place to
point folks to if they run into the error and ask about it.
It was *not* our
The ccadb.org site is now https.
Please let me know if you run into any problems with the ccadb.org site.
Thanks for your patience.
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
All,
Wayne and I have posted a Mozilla Security Blog regarding the current
plan for distrusting the Symantec TLS certs.
https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/
Kathleen
___
dev-security-policy mailing list
Here's the summary of the audit reminder email that was sent last
Tuesday, while I was on Spring Break.
Kathleen
Forwarded Message
Subject:Summary of April 2018 Audit Reminder Emails
Date: Tue, 17 Apr 2018 19:00:32 + (GMT)
From: Mozilla CA Program Manager
Forwarded Message
Subject: Summary of March 2018 Audit Reminder Emails
Date: Tue, 20 Mar 2018 19:00:18 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
GDCA TrustAUTH R5 ROOT
Standard Audit: https://cert.webtrust.org/SealFile?seal=2231=pdf
Audit Statement Date:
On 3/20/18 12:43 PM, Kurt Roeckx wrote:
On Tue, Mar 20, 2018 at 12:07:54PM -0700, Kathleen Wilson via
dev-security-policy wrote:
Mozilla: Audit Reminder
Root Certificates:
Class 2 Primary CA
Standard Audit:
https://bug1297034.bmoattachments.org/attachment.cgi?id=8849236
Audit Statement
Based on the input into this discussion so far, I propose to add the
following section to the Required part of this wiki page:
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices
We can consider adding text about this directly to Mozilla's Root Store
Policy later. (I'll file the
I have added the following section to the Required Practices wiki page:
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#BR_Commitment_to_Comply_statement_in_CP.2FCPS
I will continue to appreciate feedback on this update.
Thanks,
Kathleen
On 10/15/18 11:01 AM, Kathleen Wilson wrote:
I have added the following section to the Required Practices wiki page:
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#BR_Commitment_to_Comply_statement_in_CP.2FCPS
I will continue to appreciate feedback on this update.
Thanks,
All,
The CCADB system upgrades are in progress, so there will be limited
functionality today. Best to avoid logging into CCADB today if you can.
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Forwarded Message
Subject: Summary of October 2018 Audit Reminder Emails
Date: Tue, 16 Oct 2018 19:00:37 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit:
The CCADB system updates are complete, and access has been restored to
normal.
Please send me email if you run into any problems in the CCADB.
Thanks,
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
On 10/18/18 2:03 PM, Joanna Fox wrote:
https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS_Structured_According_to_RFC_3647
For clarification on this statement, "Any CPS that falls within the scope of
Mozilla’s program must not use the words “No stipulation” unless the
I have made this change:
https://wiki.mozilla.org/Modules/All#Mozilla_CA_Certificate_Policy
Thanks,
Kathleen
On 10/13/18 9:39 AM, Kathleen Wilson wrote:
All, I posted the following in the mozilla.governance forum.
Please feel free to comment here in m.d.s.policy, if you would like.
~~
I’m
I have updated the section as follows:
- Removed the sentence that was trying to limit the use of "No
Stipulation". Hopefully the clarification about what these words mean is
sufficient.
- Added bullet points
- Added "Sections MUST not be left blank. ..."
All, I posted the following in the mozilla.governance forum.
Please feel free to comment here in m.d.s.policy, if you would like.
~~
I’m proposing to make Wayne Thayer the new owner of the “CA Certificate
Policy” module. In his role at Mozilla, Wayne has been driving updates
to Mozilla’s
On 10/15/18 12:48 AM, Pedro Fuentes wrote:
Hello,
I've a question closely related to this. I'd appreciate guidance.
I'm refactoring our CP & CPS documents considering that a CA can issue
different types of certificates, so there would be multiple CP and one CPS.
My strategy is that if the
I have updated this section in the wiki page again as follows:
- Changed the word 'must' to 'should' for items that are not currently
in Mozilla's Root Store Policy or the BRs. We plan to change these back
to 'must' after Wayne updates Mozilla's Root Store Policy regarding this
topic.
- Added
All,
I would like to create some written rules about using "No Stipulation"
in CP and CPS documents; e.g. what it means, and when it is OK to be used.
First, I will appreciate your thoughts about what the term "No
Stipulation" means. e.g. does it mean one or all of the following?
"No rules
All,
We will be doing system upgrades to the CCADB on Monday, October 15,
8am-6pm Pacific Time. There will be limited functionality during that time.
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
Oh, so rather than trying to define what "No Stipulation" means and when
it can be used, we could take a different approach -- list the sections
that cannot contain "No Stipulation" in the CPS.
On 10/9/18 12:31 PM, Brown, Wendy (10421) wrote:
Tim -
I think that statement leaves out the
Forwarded Message
Subject: Summary of November 2018 Audit Reminder Emails
Date: Tue, 20 Nov 2018 20:00:09 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
TrustCor RootCert CA-2
TrustCor RootCert CA-1
TrustCor ECA-1
Standard Audit:
Forwarded Message
Subject: Summary of September 2018 Audit Reminder Emails
Date: Tue, 18 Sep 2018 19:00:14 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit:
Forwarded Message
Subject: Summary of December 2018 Audit Reminder Emails
Date: Tue, 18 Dec 2018 20:00:20 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
TrustCor RootCert CA-2
TrustCor RootCert CA-1
TrustCor ECA-1
Standard Audit:
All,
I would like to add two columns ("Test Website - Expired" and "Test
Website - Revoked") to the following reports:
https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport
https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportCSVFormat
All,
CCADB sends email on the first Tuesday of each month to CAs with
outdated audit statements in their intermediate cert records. An audit
statement is determined to be outdated when its Audit Period End Date is
older than 1 year + 3 months.
Copy-paste correction:
2) Intermediate CA Certificates with their own audit statements (CSV)
https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAuditsCSV
On 3/27/19 11:50 AM, Kathleen Wilson wrote:
All,
Just FYI that we have added the following two reports to
All,
Just FYI that we have added the following two reports to
wiki.mozilla.org/CA/Intermediate_Certificates
1) Intermediate CA Certificates with their own audit statements (HTML)
https://ccadb-public.secure.force.com/mozilla/IntermediateCertsSeparateAudits
2) Intermediate CA Certificates
All,
As you know, CAs who currently have access to the CCADB are now able to
directly enter and update their Root Inclusion Cases [1].
I would like to extend this capability to new CAs, so I propose that we
add the description in the following document to a web page in
All,
The following report has been updated to add a column for "CP/CPS Last
Updated Date".
http://ccadb-public.secure.force.com/mozilla/AllCertificateRecordsCSVFormat
Regards,
Kathleen
___
dev-security-policy mailing list
Here's the summary of Mozilla's audit reminder emails that were sent
last Tuesday. (I was on vacation last week).
Note that per previous discussion, the date logic for sending these
emails has been updated, and is documented here:
All,
Thank you to those of you that have been providing thoughtful and
constructive input into this discussion. I have been carefully reading
and contemplating all of the messages posted in the
mozilla.dev.security.policy forum.
As the owner of Mozilla’s CA Certificates Module[1] and in an
Here's the summary of Mozilla's audit reminder emails that were sent
today by the CCADB.
Reminder: The date logic for sending these emails is documented in the
following wiki page.
https://wiki.mozilla.org/CA/Email_templates#Audit_Reminder_Email_Templates
- Audit Reminder is sent when
All,
As of today, CAs who already have access to the CCADB should create
their new root inclusion requests (for Mozilla's program) as follows:
1) Create a Root Inclusion Bugzilla Bug.
https://wiki.mozilla.org/CA/Application_Instructions#Create_Root_Inclusion.2FUpdate_Request
2) Provide all
On 2/6/19 2:53 PM, Kathleen Wilson wrote:
So here's the updated proposal:
1) If
(1 year + 31 days) < (today - Audit Period End Date) <= (1 year + 93 days)
Send Courtesy Audit Reminder
https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template
2) If
(1 year + 93 days)
Thanks Wayne and Kurt for your input.
So here's the updated proposal:
1) If
(1 year + 31 days) < (today - Audit Period End Date) <= (1 year + 93 days)
Send Courtesy Audit Reminder
https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template
2) If
(1 year + 93 days) <
All,
As you know, CCADB sends audit reminder emails regarding root certs in
Mozilla's program on the 3rd Tuesday of each month.
We are going to update the date checks for determining when the email
gets sent, so that rather than keying off of the Audit Statement Date,
the check will key off
All,
I posted the following to the Mozilla Security Blog to explain what the
CCADB is and why it is important.
https://blog.mozilla.org/security/2019/04/15/common-ca-database-ccadb/
Kathleen
___
dev-security-policy mailing list
Forwarded Message
Subject: Summary of June 2019 Outdated Audit Statements for Intermediate
Certs
Date: Tue, 4 Jun 2019 14:00:16 + (GMT)
CA Owner: AC Camerfirma, S.A.
- Certificate Name: InfoCert Organization Validation CA 3
SHA-256 Fingerprint:
For those of you with access to the CCADB...
There is now a CCADB CA Task list on your homepage. This gets updated
every time you go to your CCADB homepage, either upon login, or by
clicking on the 'Home' tab.
Here is an example of what it looks like.
~~
Summary (Click on the arrows to see
Forwarded Message
Subject: Summary of June 2019 Audit Reminder Emails
Date: Tue, 18 Jun 2019 19:00:30 + (GMT)
Mozilla: Audit Reminder
CA Owner: LuxTrust
Root Certificates:
LuxTrust Global Root 2
Standard Audit:
On 5/10/19 5:46 PM, Wayne Thayer wrote:
I've attempted to update section 6 to incorporate revocation requirements
for S/MIME certificates:
https://github.com/mozilla/pkipolicy/commit/15ad5b9180903b92b8f638c219740c0fb6ba0637
Note: since much of this language is copied directly from the BRs, if
On 5/13/19 10:24 AM, Wayne Thayer wrote:
The BRs forbid delegation of domain and IP address validation to third
parties. However, the BRs don't forbid delegation of email address
validation nor do they apply to S/MIME certificates.
Delegation of email address validation is already addressed by
All,
We've made the following changes to the ccadb.org site.
1) The general links providing data for all CAs and certs in the CCADB
have been updated from "mozilla" to "ccadb". In particular the first
three links in the General section on the Resources tab have been updated.
On 5/16/19 4:39 PM, Wayne Thayer wrote:
On Thu, May 16, 2019 at 4:23 PM Wayne Thayer wrote:
I will soon file a bug requesting removal of the “Certinomis - Root CA”
from NSS.
This is https://bugzilla.mozilla.org/show_bug.cgi?id=1552374
Thank you to Wayne and all of you who have
101 - 200 of 345 matches
Mail list logo