On 2/9/18 7:52 AM, Kathleen Wilson wrote:
On 2/7/18 11:41 AM, Kathleen Wilson wrote:
All,
At 6pm PST on Thursday, February 8th, we will begin the migration of
ccadb.org to https.
It is possible that during this migration users may receive errors
when trying to access the ccadb.org site
Summary of audit statements that are due:
Forwarded Message
Subject: Summary of February 2018 Audit Reminder Emails
Date: Tue, 20 Feb 2018 20:00:05 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
ISRG Root X1
Standard Audit:
All,
I have had the tremendous opportunity to work with Gerv Markham on the
CA Program for many years, and am extremely grateful to Gerv for his
countless valuable and lasting contributions to the CA world.
Gerv has decided to step away from work at this time, to focus on his
family[1]. We
On 2/15/18 10:24 AM, Kathleen Wilson wrote:
All,
I have begun receiving questions about the Audit Letter Validation (ALV)
results in CCADB Audit Cases, so here is some information about it.
ALV looks for the things listed in Mozilla's and Microsoft's root store
policies...
Mozilla's
All,
I have begun receiving questions about the Audit Letter Validation (ALV)
results in CCADB Audit Cases, so here is some information about it.
CAs and Root Store Operators who are logged into the CCADB will find in
the Audit Case page a button called "Audit Letter Validation (ALV)". You
On 2/7/18 11:41 AM, Kathleen Wilson wrote:
All,
At 6pm PST on Thursday, February 8th, we will begin the migration of
ccadb.org to https.
It is possible that during this migration users may receive errors when
trying to access the ccadb.org site.
All,
Something went wrong, so the changes
On 1/30/18 6:19 AM, Gervase Markham wrote:
On 30/01/18 00:48, James Burton wrote:
I was doing research on the ccadb.org site and was surprised to find that
the site is running only in HTTP and is not using HTTPS. Now, I understand
that GitHub pages don't support HTTPS for custom domains but you
All,
I am tracking the date that I received a BR Self Assessment from each CA
here:
https://docs.google.com/spreadsheets/d/1Lmdkl3gTpKyBgZwL_6j5ivClBXiGMUnZyAVJDTHtjO4/edit?usp=sharing
The purpose of this exercise is to ensure that every CA in our program
is fully aware and complying with
On 1/16/18 2:03 PM, Kathleen Wilson wrote:
All,
I propose adding Wayne Thayer as a peer[1] of Mozilla's CA Certificates
Module[2] and CA Certificate Policy Module[3]. As you know, Wayne and I
are distributing the job of running Mozilla's CA Program between us, so
he will be actively working
On 1/9/18 4:23 PM, Kathleen Wilson wrote:
I will be re-assigning all of the root inclusion/update Bugzilla Bugs
back to me,
Done
and I will take back responsibility for the high-level
verification of the CA-provided data for root inclusion/update requests.
I hope to begin work
On 1/4/18 3:53 AM, Kurt Roeckx wrote:
On 2018-01-04 01:36, Kathleen Wilson wrote:
Mozilla: Audit Reminder
Root Certificates:
AC Raíz Certicámara S.A.
Standard Audit: https://cert.webtrust.org/SealFile?seal=2120=pdf
Audit Statement Date: 2016-09-15
CA Comments: null
The audit period
All,
I propose adding Wayne Thayer as a peer[1] of Mozilla's CA Certificates
Module[2] and CA Certificate Policy Module[3]. As you know, Wayne and I
are distributing the job of running Mozilla's CA Program between us, so
he will be actively working on both of these Modules.
Thanks,
Kathleen
Just FYI that two new public reports are now available via the
https://wiki.mozilla.org/CA/Included_CAs wiki page. One for Problem
Reporting Mechanisms, and one for CAA identifiers.
Here's the direct links to the new reports:
On 11/15/17 1:48 PM, Kathleen Wilson wrote:
All,
The following report lists data for all root and intermediate cert
records in the CCADB.
https://ccadb-public.secure.force.com/mozilla/AllCertificateRecordsCSVFormat
A link to this report is here:
http://ccadb.org/resources
Cheers
On 1/10/18 10:52 AM, Doug Beattie wrote:
Thanks Kathleen. I only asked because you are trying to reduce the manpower for
processing applications, and if a CA was already in the program there might not be a need
to do as much. But on the other hand, this forces us to all comply with those
Is the same process used for existing CAs that need to add a new root and new
CAs applying for the first time?
Yes.
From
https://wiki.mozilla.org/CA/Application_Process#Process_Overview
""
The same process is used to request:
- Root certificate inclusion for all CAs, even if the CA already
All,
I would like to thank Aaron Wu for all of his help on our CA Program,
and am sorry to say that his last day at Mozilla will be January 12. I
have appreciated all of Aaron’s work, and it has been a pleasure to work
with him.
I will be re-assigning all of the root inclusion/update
Wishing all of you a happy 2018!
Below is the summary of the audit reminder email that was automatically
sent by the CCADB in December.
PS: I am back at work as of today, but I will appreciate your patience
while I catch up on my email inbox. If there is anything urgent, you
might want to
On Monday, November 20, 2017 at 7:51:59 AM UTC-8, Gervase Markham wrote:
> Dear m.d.s.p.,
>
> We appear to again have a problem with messages posted via the Google
> Groups web UI making it to all subscribers on the list:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1412993
>
> Until that
On Wednesday, November 29, 2017 at 1:39:54 PM UTC-8, Kathleen Wilson wrote:
> Please ignore this email thread.
>
> In order for folks to debug the problem of posts to
> mozilla.dev.security.policy not getting propagated to Google Groups, they
> need email headers that are less
Please ignore this email thread.
In order for folks to debug the problem of posts to mozilla.dev.security.policy
not getting propagated to Google Groups, they need email headers that are less
than 8 days old.
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=1412993
Thanks,
Kathleen
All,
I am pleased to announce that Wayne Thayer is now a Mozilla employee,
and will be working with me on our CA Program!
Many of you know Wayne from his involvement in this discussion forum and
in the CA/Browser Forum, as a representative for the Go Daddy CA. Wayne
was involved in Go
Hi Everyone,
If any of you use Salesforce for something other than CCADB, then I will
greatly appreciate it if you will Upvote for the following Salesforce
feature request for password authentication for SMTP Relaying:
https://success.salesforce.com/ideaView?id=08730006wu7AAA
We are
Note to CAs: The indicator that an Audit Case is under review for
particular root certs will only be added if there has been a
corresponding Audit Root Case created for that particular root cert. If
you have only created the Audit Case (and not the Audit Root Cases),
that will not be indicated
On 11/16/17 10:04 AM, Kathleen Wilson wrote:
On 11/13/17 1:52 PM, Kathleen Wilson wrote:
Link to November 2017 CA Communication on wiki page:
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
https://ccadb-public.secure.force.com
On 11/13/17 1:52 PM, Kathleen Wilson wrote:
Link to November 2017 CA Communication on wiki page:
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample
Thank you to everyone who has been looking into the .tg Registry problem
and providing valuable information. I greatly appreciate all of your
efforts!
I have updated the related action item in the November CA Communication
to reflect the dates that we believe the .tg Registry was having
This hasn't shown up in Google Groups for me yet, so please see the
message below from Jeremy.
Note that there is a bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=1412993) and a Google
support ticket open for this problem of messages that are posted via
Google Groups not showing up in
All,
The following report lists data for all root and intermediate cert
records in the CCADB.
https://ccadb-public.secure.force.com/mozilla/AllCertificateRecordsCSVFormat
A link to this report is here:
http://ccadb.org/resources
Cheers,
Kathleen
On 11/14/17 4:34 AM, douglas.beat...@gmail.com wrote:
Do we believe that this issue has been resolved by the Registry and issuance can
resume as normal, or are there ongoing concerns which CAs should be aware of
when issuing certificates to .tg domains?
Based on information from folks that
On 11/13/17 7:22 PM, Jakob Bohm wrote:
Wouldn't the .tg incident be equally relevant for the e-mail trust bit?
(In which case the first 3 options should say TLS/SSL/e-mail)
Good point. To make it easier, I removed "TLS/SSL", and changed text to
"certificates containing .tg domains".
On 11/6/17 3:40 AM, Ben Laurie wrote:
Since CT is not (yet) compulsory, it seems you probably have to contact all
CAs, doesn't it?
To close the loop on this...
I have added the following to the draft of the November 2017 CA
Communication.
~~
ACTION 8: Check for issuance of TLS/SSL
All,
I have updated the draft of the November 2017 CA Communication as follows:
- Postponed the response deadline to December 15.
- Removed the CT item (that will be handled separately, later)
- Added an action item (#4) about full period-of-time audits with no
gaps. (resulted in a slight
On 11/10/17 1:44 PM, Ben Wilson wrote:
In the spirit of full transparency and in an attempt to comply to the extent we
can with Mozilla policy, on Thursday, Nov. 2, we created several sub CAs
under two new "transition" roots (yet to be submitted as roots). These sub
CAs haven't been uploaded yet
On 11/9/17 5:58 AM, cbonn...@trustwave.com wrote:
Hello all,
I was cross-referencing data contained in the "Included CAs" spreadsheet
(https://wiki.mozilla.org/CA/Included_CAs) and the "Included CA Certificates" spreadsheet
(https://wiki.mozilla.org/CA/Included_Certificates) and discovered
On 11/1/17 12:22 PM, westmai...@gmail.com wrote:
Hello,
Why have you removed the post of Peter Gutmann (Nov. 1, 2017, 4:08)?
If I understand correctly, at the time of the public discussion for new root
certificates SSL.com (RA Comodo) Mozilla concealed information about the
acquisition of SSL
It has been suggested that I need to communicate to CAs that there will
be consequences if their audit statements do not meet Mozilla’s
requirements, so how about if I add the following to the November CA
Communication?
~~
As stated in Mozilla’s April 2017 CA Communication[1] and Mozilla’s
Re-posting the message below, because it appears that this message did
not get propagated to groups.google.com.
I have filed a bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1412993 -
mozilla.dev.security.policy posts not getting propagated to Google Groups
-Original Message-
On 10/31/17 2:57 PM, Dimitris Zacharopoulos wrote:
[NS]: If all ETSI reports delivered to Root Programs had clear
indication regarding the “audit period” and the type of the audit (i.e.
full), probably this discussion would not be raised at all?
Correct.
For example, in all our
Thank you, Dimitris, for sharing input from your auditor.
> Long story short, as an accredited CAB, we _definitely_ must check
> historical data over the period since previous audit. This requirement
> is clearly included in Section 7.9 of ETSI EN 319 403
>
On Monday, October 30, 2017 at 5:17:38 PM UTC-7, Kathleen Wilson wrote:
> On Saturday, October 28, 2017 at 5:07:51 PM UTC-7, Kathleen Wilson wrote:
> > All,
> >
> > Mozilla's Bugzilla system was updated a couple of days ago, and now the
> > Bugzilla/wiki integration i
On Saturday, October 28, 2017 at 5:07:51 PM UTC-7, Kathleen Wilson wrote:
> All,
>
> Mozilla's Bugzilla system was updated a couple of days ago, and now the
> Bugzilla/wiki integration is not working very well. So you will notice some
> changes in the following wiki pa
On Monday, October 30, 2017 at 5:02:08 PM UTC-7, Buschart, Rufus wrote:
> Our ETSI audit report
> (https://www.siemens.com/corp/pool/pki/siemens_etsi.pdf) states:
>
> > An audit of the certification service, documented in a report, provided
> > evidence that the requirements of the following
>
On Monday, October 30, 2017 at 2:59:31 PM UTC-7, Ryan Sleevi wrote:
>
> I would expect that it would be incumbent on the CABs and the CAs providing
> EN 319 411-1 certificates to help the community better understand the level
> of assurance provided. That is, I think those supporting the
All,
Mozilla's Bugzilla system was updated a couple of days ago, and now the
Bugzilla/wiki integration is not working very well. So you will notice some
changes in the following wiki pages:
https://wiki.mozilla.org/CA/Incident_Dashboard
https://wiki.mozilla.org/CA/Dashboard
I have
On Wednesday, October 25, 2017 at 2:05:33 PM UTC-7, Andrew Ayer wrote:
> Hi Kathleen,
>
> I suggest being explicit about which CAA errata Mozilla allows.
>
> For CNAME, it's erratum 5065.
>
> For DNAME, it's erratum 5097.
>
> Link to errata:
All,
I will greatly appreciate your thoughtful and constructive feedback on the
DRAFT of Mozilla's next CA Communication, which I am hoping to send in early
November.
https://wiki.mozilla.org/CA/Communications#November_2017_CA_Communication
Direct link to the survey:
On Tuesday, October 17, 2017 at 2:44:11 PM UTC-7, Kathleen Wilson wrote:
> A lot of the delay this time is in regards to our new
> Audit Case process.
> We'll work to get this cleared up this month.
To those of you CAs who have correctly followed the instructions for providing
yo
A lot of the delay this time is in regards to our new Audit Case process. We'll
work to get this cleared up this month.
Forwarded Message
Subject: Summary of October 2017 Audit Reminder Emails
Date: Tue, 17 Oct 2017 19:00:06 + (GMT)
Mozilla: Overdue Audit Statements
Root
Thank you to those of you who reviewed and commented on this request from
SSL.com to include the “SSL.com Root Certification Authority RSA”, “SSL.com
Root Certification Authority ECC”, “SSL.com EV Root Certification Authority RSA
R2”, and “SSL.com EV Root Certification Authority ECC” root
Bug Filed regarding PROCERT Action Items:
https://bugzilla.mozilla.org/show_bug.cgi?id=1405862
Thanks,
Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Bugs filed, or already existed…
To the CAs who have already responded here in this discussion, please also
copy-paste your incident report into the bug.
> >
> > Issuer: https://crt.sh/?caid=140
> >Issuer O: AC Camerfirma SA CIF A82743287
> > Issuer CN: Chambers of Commerce Root
> >
On Friday, September 29, 2017 at 2:52:49 PM UTC-7, Eric Mill wrote:
> That dynamic is natural, but accepting that this dynamic exists is
> different than giving into it in some absolute way. When offering second
> chances, requiring that the person/org fulfill certain conditions that
> speak
In past incidents, we have provided a list of action items that the CA must
complete before they can be re-included in Mozilla's root store.
What action items do you all think PROCERT should complete before they can be
re-included in Mozilla's root store?
What do you think should happen if
On Wednesday, September 20, 2017 at 6:34:04 AM UTC-7, Kurt Roeckx wrote:
> On 2017-09-20 01:09, Kathleen Wilson wrote:
> > Forwarded Message
> > Subject: Summary of September 2017 Audit Reminder Emails
> > Date: Tue, 19 Sep 2017 19:00:08 + (GMT)
>
Forwarded Message
Subject: Summary of September 2017 Audit Reminder Emails
Date: Tue, 19 Sep 2017 19:00:08 + (GMT)
Mozilla: Overdue Audit Statements
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
Standard Audit:
Bugs filed…
>
> AS Sertifitseerimiskeskuse (SK)
>
Bug #1398233
>
> Autoridad de Certificacion Firmaprofesional
>
Bug #1398240
>
> CA Disig a.s. (Fixed as of 2017-08-31)
>
Bug #1398242
>
> certSIGN (partially resolved)
>
Bug #1398243
>
> Consorci Administració Oberta de Catalunya
> This request from the Dhimyotis/Certigna is to include the
> SHA-256 ‘Certigna Root CA’ certificate and turn on the
> Websites and Email trust bits. This root certificate will
> eventually replace the SHA-1 ‘Certigna’ root certificate
> that was included via Bugzilla #393166.
> ...
> The
I'm going to file the Bugzilla Bugs for each of these CAs, as follows.
==
Bug Summary: : Non-BR-Compliant OCSP Responders
Bug Description:
Problems have been found with OCSP responders for this CA, and reported in the
mozilla.dev.security.policy forum here:
On Thursday, September 7, 2017 at 1:23:17 AM UTC-7, Buschart, Rufus wrote:
> I have a question regarding the meaning of:
>
> > * The latest versions of the WebTrust and ETSI audit criteria are now
> > required, and auditors are required to be appropriately qualified.
I will delete that sentence
All,
Here is a draft of a security blog about version 2.5 of Mozilla's Root Store
Policy. I will greatly appreciate constructive feedback about it.
Thanks,
Kathleen
== Mozilla Releases Version 2.5 of Root Store Policy ==
Recently, Mozilla released version 2.5 of our Root Store Policy, which
Posted:
https://blog.mozilla.org/security/2017/08/30/removing-disabled-wosign-startcom-certificates-firefox-58/
I will look into getting this translated and published in China.
Thanks,
Kathleen
On Friday, August 4, 2017 at 12:01:15 AM UTC-7, Percy wrote:
> I suggest that Mozilla can post an announcement now about the complete
> removal of WoSign/StartCom to alert website developers. I suspect that a
> moderate amount of Chinese websites are still using WoSign certs chained to
> the
Thanks again to everyone who reviewed and commented on this request from TrustCor.
I am now closing this discussion, and will recommend approval in the bug to
include the “TrustCor RootCert CA-1”, “TrustCor RootCert CA-2”, and “TrustCor
ECA-1” root certificates and enable the Websites and Email
I have filed Bug #1392849 to remove the old StartCom root certificates. This
will likely happen in the October batch of root changes.
Kathleen
On Friday, August 18, 2017 at 6:35:23 AM UTC-7, Gervase Markham wrote:
> On 17/08/17 00:18, Kathleen Wilson wrote:
> > == Let’s Encrypt ==
> > RESOLVED (no bug needed)
>
> > == Staat der Nederlanden / PKIoverheid ==
> > RESOLVED (no bug needed)
>
> While
Thank you to everyone who has reviewed and commented on this request from
TrustCor to include the “TrustCor RootCert CA-1”, “TrustCor RootCert CA-2”, and
“TrustCor ECA-1” root certificates and enable the Websites and Email trust bits.
I believe that all of the questions and concerns have been
Filed bug for GoDaddy:
https://bugzilla.mozilla.org/show_bug.cgi?id=1391429
Thanks,
Kathleen
Bugs filed...
== Actalis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390974
== Camerfirma ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390977
== Certinomis ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390978
== certSIGN ==
https://bugzilla.mozilla.org/show_bug.cgi?id=1390979
==
I will proceed with filing these bugs now.
Kathleen
Updated draft for the Bugzilla Bugs that I will be filing for the problems
listed below.
Product: NSS
Component: CA Certificate Mis-Issuance
Whiteboard: [ca-compliance]
Blocks: 1029147
Summary: : Non-BR-Compliant Certificate Issuance
Description:
The following problems have been found in
On Tuesday, August 15, 2017 at 3:53:06 PM UTC-7, Jonathan Rudenberg wrote:
> It would be useful to know when and through what channel the CA learned about
> each of the problems listed. (problem report via email at date/time;
> known/unresolved issue since date; mailing list post at date/time;
Feedback will be appreciated on the following draft for the Bugzilla Bugs that
I will be filing for the problems listed below.
Product: NSS
Component: CA Certificate Mis-Issuance
Whiteboard: [ca-compliance]
Blocks: 1029147
Summary: : Non-BR-Compliant Certificate Issuance
Description:
The
On Tuesday, August 15, 2017 at 1:00:04 PM UTC-7, Jonathan Rudenberg wrote:
> It’s worth noting that with the exception of the metadata-only
> subject fields issue, Alex and I have attempted to contact every
> CA listed directly via their public certificate problem reporting channels.
Good
Forwarded Message
Subject: Summary of August 2017 Audit Reminder Emails
Date: Tue, 15 Aug 2017 19:00:07 + (GMT)
Mozilla: Overdue Audit Statements
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
Standard Audit:
On Tuesday, August 15, 2017 at 12:46:36 PM UTC-7, Ryan Sleevi wrote:
>
> The requirement for revocation comes from the Baseline Requirements.
>
> Could you clarify your expectations regarding CAs' violation of the
> Baseline Requirements with respect to these issues and Section 4.9.1.1.
Are you
All,
I have gone through the July/August posts in m.d.s.policy in order to determine
which Bugzilla Bugs I should file.
There are two outliers:
~~
** Undisclosed intermediates, or those missing audits
I have been working diligently on intermediate cert disclosures in the CCADB
for many months
All,
While I understand the desire to normally have one Bugzilla Bug per root cause
per CA, I do not have the bandwidth to do this.
So, I am going to create one bug per CA that I find in the recent m.d.s.policy
posts, and list all of the problems pertaining to that CA in their bug.
Thanks to
On Thursday, August 3, 2017 at 4:34:27 PM UTC-7, Ryan Sleevi wrote:
> I do hope you can clarify whether remediations apply to keys operated by
> organizations, or whether they apply to the organization themselves.
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832
says: "StartCom may apply
On Thursday, August 3, 2017 at 3:09:25 PM UTC-7, Kurt Roeckx wrote:
> I would really like to see that they have at least opened a bug to
> request the inclusion of that CA before it's cross-signed.
Here's StartCom's current root inclusion request:
On Monday, July 10, 2017 at 12:47:31 PM UTC-7, Kathleen Wilson wrote:
> I also think we should remove the old WoSign root certs from NSS.
>
> Reference:
> https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign
> ~~
> Mozilla currently recommends not trusting any c
All,
I have conflicting opinions about this situation:
On the one hand, I want to see better behavior, and am inclined to add these
two intermediate certs to OneCRL, and tell StartCom and Certinomis to start
over and do things right.
On the other hand, I'm not convinced yet that the issued
Jonathan, Thank you for bringing this to our attention.
I have filed two bugs...
1) https://bugzilla.mozilla.org/show_bug.cgi?id=1386891
Certinomis: Cross-signing of StartCom intermediate certs, and delay in
reporting it in CCADB
2) https://bugzilla.mozilla.org/show_bug.cgi?id=1386894
Add
On Wednesday, August 2, 2017 at 2:13:40 PM UTC-7, Jeremy Rowley wrote:
> Today, DigiCert and Symantec announced that DigiCert is acquiring the
> Symantec CA assets, including the infrastructure, personnel, roots, and
> platforms. At the same time, DigiCert signed a Sub CA agreement wherein we
>
Thanks to all of you who reviewed and commented on this request from Guangdong
Certificate Authority (GDCA) to include the GDCA TrustAUTH R5 ROOT certificate,
turn on the Websites trust bit, and enable EV treatment.
I believe that all of the concerns that were raised in this discussion have
The updated documents are also posted on the CA's website:
https://www.gdca.com.cn/customer_service/knowledge_universe/cp_cps/
Current audit statements are here:
WebTrust CA: https://cert.webtrust.org/ViewSeal?id=2231
WebTrust BR: https://cert.webtrust.org/ViewSeal?id=2232
WebTrust EV SSL:
Forwarded Message
Subject: Summary of July 2017 Audit Reminder Emails
Date: Tue, 18 Jul 2017 19:00:05 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
LuxTrust Global Root 2
Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8777887
Audit Statement Date:
And I think we should remove the old StartCom root certs from NSS.
Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom
~~
Mozilla currently recommends not trusting any certificates issued by this CA
after October 21st, 2016. That recommendation covers the following roots:
I also think we should remove the old WoSign root certs from NSS.
Reference:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign
~~
Mozilla currently recommends not trusting any certificates issued by this CA
after October 21st, 2016. That recommendation covers the following roots:
All,
We've added new Auditor objects to the Common CA Database. Previously auditor
information was just in text fields, and the same auditor could be represented
different ways. Now we will have a master list of auditors that CAs can select
from when entering their Audit Cases to provide their
Forwarded Message
Subject: Summary of June 2017 Audit Reminder Emails
Date: Tue, 20 Jun 2017 19:00:06 + (GMT)
Mozilla: Audit Reminder
Root Certificates:
Atos TrustedRoot 2011
Standard Audit:
On Monday, June 19, 2017 at 12:21:46 PM UTC-7, Peter Bowen wrote:
> It seems there is some confusion. The document presented would appear
> to be a Verified Accountant Letter (as defined in the EV Guidelines)
> and can be used as part of the process to validate a request for an EV
> certificate. It
I just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1374381 about an
audit statement that I received for SwissSign. I have copied the bug
description below, because I am concerned that there still may be ETSI auditors
(and CAs?) who do not understand the audit requirements, see below.
On Friday, May 26, 2017 at 9:32:57 AM UTC-7, Kathleen Wilson wrote:
> On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote:
> All,
>
> I requested that this CA perform a BR Self Assessment, and they have attached
> their completed BR Self Assessment to the bu
On Friday, May 26, 2017 at 2:50:16 AM UTC-7, Gervase Markham wrote:
> On 26/05/17 01:01, Kathleen Wilson wrote:
> > Known problems: - Some CAs did not provide their CAA (Certification
> > Authority Authorization) information correctly, so that column is
> > empty for them.
On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote:
>
> So, if there are no further questions or comments about this CA's request,
> then I will close this discussion and recommend approval in the bug.
>
All,
I requested that this CA perform a BR Sel
All,
We have added the following two reports to
https://wiki.mozilla.org/CA/Included_Certificates
1) CAs with Included Certificates
https://ccadb-public.secure.force.com/mozilla/CAInformationReport
2) CAs with Included Certificates (CSV)
I've been receiving questions about this update, so hopefully the following
will clarify...
CAs now login to the CCADB at this URL:
https://ccadb.force.com
There is no login required to view the public-facing reports and the responses
to the CA Communications. The links to those have been
CAs,
I was testing some changes in my CCADB Sandbox, and accidentally sent out audit
reminder email from it. So, if you get an email with the subject "Sandbox:
Mozilla: Audit Reminder" you can ignore it. It's likely a duplicate of the
email you received last Tuesday.
I apologize for the spam.
On Thursday, May 18, 2017 at 10:08:32 AM UTC-7, Kathleen Wilson wrote:
>
> On May 19 the following three breaking changes are planned, meaning that the
> old URLs will no longer work. Any links or bookmarks to these URLs will need
> to be updated. ...
>
> 1) The CA login p