Re: ComSign Root Renewal Request
This discussion of this request was on-hold waiting for the CA to update/restructure their CPS (both in Hebrew and translated into English). The CA has updated their CPS as [1][2][3]. I have verified the following for the Comsign CA: A. CP/CPS have been updated in English version [1] and corresponding repository [2][3] B. BR Self Assessment has been updated [4], and the CA resolved all of the shortcomings that they noted in their previous version of BR Self Assessment C. Current Audit Statements provided [5][6], which updated on 2017/4/26 D. Test websites work as expected [7] We can restart the discussion and please review their updated documents and comment in this discussion if you have further questions or concerns about this request. Thanks, Aaron [1] CPS v4.0: https://s3-us-west-2.amazonaws.com/comsign/CPS/CPS-EN-v4.0.pdf [2] Repository: https://www.comsign.co.il/repository/ [3] CPS: https://www.comsign.co.il/cps [4] BR-Self Assessment: https://bugzilla.mozilla.org/attachment.cgi?id=8899375 [5] https://bug675060.bmoattachments.org/attachment.cgi?id=8872334 [6] https://bug675060.bmoattachments.org/attachment.cgi?id=8872335 [7] Test Websites - Valid: https://fedir.comsign.co.il/test.html - Revoked: https://revoked.comsign.co.uk/test.html - Expired: https://expired.comsign.co.uk/test.html ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Upvote Salesforce Feature Request for Authenticated SMTP Relaying
Why not just have SFDC send e-mails directly as @ccadb.org by adding SFDC's SPF record to ccadb.org and creating/adding a DKIM key? No need for e-mail relaying in that case. Also, I recommend setting up DMARC, even disabled, just to get the DMARC reports to assist in debugging. ~reed On Tue, Nov 21, 2017 at 12:35 PM, Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Hi Everyone, > > If any of you use Salesforce for something other than CCADB, then I will > greatly appreciate it if you will Upvote for the following Salesforce > feature request for password authentication for SMTP Relaying: > > https://success.salesforce.com/ideaView?id=08730006wu7AAA > > We are running into problems with companies adding stricter email > policies, so email is bouncing because CCADB is hosted by Salesforce, so > the email comes from @salesforce.com, but the From is supp...@ccadb.com. > So we need to set up email relaying, but Salesforce does not support > authenticated SMTP relaying, and Mozilla will not allow un-authenticated > email relaying (even for supp...@ccadb.org). > > Thanks, > Kathleen > ___ > dev-security-policy mailing list > dev-security-policy@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security-policy > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Upvote Salesforce Feature Request for Authenticated SMTP Relaying
Hi Everyone, If any of you use Salesforce for something other than CCADB, then I will greatly appreciate it if you will Upvote for the following Salesforce feature request for password authentication for SMTP Relaying: https://success.salesforce.com/ideaView?id=08730006wu7AAA We are running into problems with companies adding stricter email policies, so email is bouncing because CCADB is hosted by Salesforce, so the email comes from @salesforce.com, but the From is supp...@ccadb.com. So we need to set up email relaying, but Salesforce does not support authenticated SMTP relaying, and Mozilla will not allow un-authenticated email relaying (even for supp...@ccadb.org). Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Audit Reminder Email Summary
Note to CAs: The indicator that an Audit Case is under review for particular root certs will only be added if there has been a corresponding Audit Root Case created for that particular root cert. If you have only created the Audit Case (and not the Audit Root Cases), that will not be indicated below. http://ccadb.org/cas/updates "CAs will create a single Audit Case for a particular set of audits (e.g. WebTrust CA, WebTrust BR, and WebTrust EV). Then the CA will create a set of corresponding Root Cases, one per root, to tell the CCADB which Root Certificate records the audit statements in that Audit Case apply to." Forwarded Message Subject: Summary of November 2017 Audit Reminder Emails Date: Tue, 21 Nov 2017 20:00:14 + (GMT) Mozilla: Audit Reminder Root Certificates: EE Certification Centre Root CA Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8826692 Audit Statement Date: 2016-11-25 BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8826692 BR Audit Statement Date: 2016-11-25 CA Comments: null Mozilla: Overdue Audit Statements Root Certificates: Autoridad de Certificacion Firmaprofesional CIF A62634068** ** Audit Case in the Common CA Database is under review for this root certificate. Standard Audit: https://cert.webtrust.org/SealFile?seal=2032=pdf Audit Statement Date: 2016-04-11 BR Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809981 BR Audit Statement Date: 2016-08-05 EV Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809982 EV Audit Statement Date: 2016-08-05 CA Comments: https://bugzilla.mozilla.org/show_bug.cgi?id=1412950 Misunderstanding when switching from WebTrust to eIDAS/ETSI audit - resulted in point-in-time audit that Mozilla has not accepted. On October 31 CA requested 90 days to get period-of-time audits. Mozilla: Audit Reminder Root Certificates: CA Disig Root R1 CA Disig Root R2 Standard Audit: https://eidas.disig.sk/pdf/Audit2016_report.pdf Audit Statement Date: 2016-10-26 BR Audit: https://eidas.disig.sk/pdf/Audit2016_report.pdf BR Audit Statement Date: 2016-10-26 CA Comments: null Mozilla: Audit Reminder Root Certificates: AC Raíz Certicámara S.A. Standard Audit: https://cert.webtrust.org/SealFile?seal=2120=pdf Audit Statement Date: 2016-09-15 CA Comments: null Mozilla: Audit Reminder Root Certificates: D-TRUST Root CA 3 2013 Standard Audit: https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/en/6768UE_s.pdf Audit Statement Date: 2016-11-21 BR Audit: BR Audit Statement Date: CA Comments: null Mozilla: Audit Reminder Root Certificates: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 Standard Audit: https://bug1262809.bmoattachments.org/attachment.cgi?id=8819839 Audit Statement Date: 2016-12-19 BR Audit: https://bug1262809.bmoattachments.org/attachment.cgi?id=8819839 BR Audit Statement Date: 2016-12-19 CA Comments: null Mozilla: Audit Reminder Root Certificates: NetLock Arany (Class Gold) F?tanúsítvány** ** Audit Case in the Common CA Database is under review for this root certificate. Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8803550 Audit Statement Date: 2016-10-20 BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8803550 BR Audit Statement Date: 2016-10-20 CA Comments: null Mozilla: Audit Reminder Root Certificates: OpenTrust Root CA G1** OpenTrust Root CA G2** Certplus Root CA G1** OpenTrust Root CA G3** Certplus Root CA G2** ** Audit Case in the Common CA Database is under review for this root certificate. Standard Audit: https://bug1297034.bmoattachments.org/attachment.cgi?id=8783476 Audit Statement Date: 2016-08-19 BR Audit: https://bug1297034.bmoattachments.org/attachment.cgi?id=8783476 BR Audit Statement Date: 2016-08-19 EV Audit: https://bug1297034.bmoattachments.org/attachment.cgi?id=8783476 EV Audit Statement Date: 2016-08-19 CA Comments: https://bugzilla.mozilla.org/show_bug.cgi?id=1297034 Did not find reference to "Class 2 Primary CA" in the 2016 audit statements. Update: Audit of Class 2 Primary CA completed mid-October. Waiting for auditor to write attestation letter. Mozilla: Audit Reminder Root Certificates: Secure Global CA SecureTrust CA XRamp Global Certification Authority Standard Audit: https://cert.webtrust.org/SealFile?seal=2138=pdf Audit Statement Date: 2016-11-18 BR Audit: https://cert.webtrust.org/SealFile?seal=2139=pdf BR Audit Statement Date: 2016-11-18 EV Audit: https://cert.webtrust.org/SealFile?seal=2140=pdf EV Audit Statement Date: 2016-11-18 CA Comments: null Mozilla: Audit Reminder Root Certificates: Visa eCommerce Root** ** Audit Case in the Common CA Database is under review for this root certificate. Standard Audit: https://bug1301210.bmoattachments.org/attachment.cgi?id=8789076 Audit Statement Date: 2016-08-23 BR Audit: