How to Create and Audit Case in CCADB

CAs, I have updated the instructions for creating an Audit Case in the CCADB, and have added a video that demonstrates the process. https://www.ccadb.org/cas/updates#instructions Please let me know if you have any questions about the updated process. Thanks, Kathleen

Add Ben Wilson as Peer of Mozilla's CA Certificates and CA Certificate Policy modules

All, I propose adding Ben Wilson as a peer[1] of Mozilla's CA Certificates Module[2] and CA Certificate Policy Module[3]. As you know, Ben and I are distributing the job of running Mozilla's CA Program between us, so Ben will continue to actively work on both of these Modules. Thanks, Kathleen

Re: EKU is required in each Subordinate CA certificate

Yes, that date comes from the Mozilla Root Program, but this requirement is new for the other Root Programs and for the BR. The other thing is that without having an indicated effect date, the requirement can be interpreted in that way, that every valid Subordinate CA certificate shall comply

EKU is required in each Subordinate CA certificate

You could find the following requirement in the latest Baseline Requirement: 7. CERTIFICATE, CRL, AND OCSP PROFILES 7.1 Certificate profile 7.1.2 Certificate Content and Extensions; Application of RFC 5280 7.1.2.2 Subordinate CA Certificate ... g. extkeyUsage (optional/required) For Cross