On 10/8/19 12:50 PM, Kathleen Wilson wrote:
There is now an "Audit Letter Validation (ALV)" button on intermediate
certificate records in the CCADB. There is also a new task list item on
your home page.
I have added the following wiki page to provide instructions about ALV.
I've modified the first question of the survey and added a response option
for exceptions:
https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J3waNOW
On Tue, Dec 24, 2019 at 5:55 AM Nick Lamb wrote:
> On Mon, 23 Dec 2019 14:20:16
On Mon, 23 Dec 2019 14:20:16 -0700
Wayne Thayer via dev-security-policy
wrote:
> I suggest that we modify question #1 to require CAs
> to attest that they intend to FULLY comply with version 2.7 of the
> policy and if they won't fully comply, to list all non-conforrmities.
> In other words,
On Sat, Dec 21, 2019 at 11:30 AM Nick Lamb wrote:
> On Thu, 19 Dec 2019 10:23:19 -0700
> Wayne Thayer via dev-security-policy
> wrote:
>
> > We've included a question about complying with the intermediate audit
> > requirements in the January survey, but not a more general question
> > about
On Thu, Dec 19, 2019 at 9:23 AM Wayne Thayer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Tue, Nov 26, 2019 at 6:10 PM Nick Lamb via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
>
> > On Mon, 25 Nov 2019 14:12:46 -0800
> > Kathleen Wilson
On Thu, 19 Dec 2019 10:23:19 -0700
Wayne Thayer via dev-security-policy
wrote:
> We've included a question about complying with the intermediate audit
> requirements in the January survey, but not a more general question
> about exceptions. I feel that an open-ended question such as this
> will
On Tue, Nov 26, 2019 at 6:10 PM Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Mon, 25 Nov 2019 14:12:46 -0800
> Kathleen Wilson via dev-security-policy
> wrote:
>
> > CAs should have been keeping track of and resolving their own known
> > problems in
On Mon, 25 Nov 2019 14:12:46 -0800
Kathleen Wilson via dev-security-policy
wrote:
> CAs should have been keeping track of and resolving their own known
> problems in regards to not fully following the BRs and Mozilla
> policy. For example, I expect that a situation in which I responded
> with
On 10/29/19 12:46 PM, Kathleen Wilson wrote:
When an intermediate certificate is not listed in all of the necessary
audit reports, it is a violation of Mozilla’s Root Store Policy and an
incident report[1] must be filed via a Bugzilla Bug which must list the
steps your CA is taking to resolve
On 11/19/19 4:59 PM, Kathleen Wilson wrote:
Note: I will add a report to
wiki.mozilla.org/CA/Intermediate_Certificates to list all of the
intermediate certificates that have been added to OneCRL and their
revocation status. This will enable the CA Community to identify which
certificates
All,
As Ryan points out, root store operators enforce the BRs in different ways.
Ryan wrote:
> (Writing in an official capacity for the Google/Chrome Root Program)
>
> Our expectation is that CAs will be filing incident reports for:
> 1) The failure to include and document as in-scope within
(Writing in an official capacity for the Google/Chrome Root Program)
There are still a remarkable number of CAs that have not filed incident
reports and not yet remediated this issue.
A reminder, the Baseline Requirements, Section 8.1, states:
> Certificates that are capable of being used to
CAs,
Here's additional information based on questions I've received about
what to do if you determine that an intermediate certificate is not
listed in an audit statement that it should have been in.
When an intermediate certificate is not listed in all of the necessary
audit reports, it is
On 10/8/19 12:50 PM, Kathleen Wilson wrote:
CAs,
There is now an "Audit Letter Validation (ALV)" button on intermediate
certificate records in the CCADB. There is also a new task list item on
your home page. In the summary section you will see a line item like the
following.
All,
I would like to remind everyone about when these requirements for
non-technically-constrained intermediate certificates came into effect
for CAs in Mozilla’s program according to previous versions of Mozilla’s
Root Store Policy[1] and previous CA Communications[2].
February 2013:
15 matches
Mail list logo