Re: Audit Reminder Email Summary

2019-05-21 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of May 2019 Audit Reminder Emails Date: Tue, 21 May 2019 19:01:45 +0000 (GMT) Mozilla: Audit Reminder CA Owner: LuxTrust Root Certificates: LuxTrust Global Root 2 Standard Audit:

Re: Audit Reminders for Intermediate Certs

2019-05-07 Thread Kathleen Wilson via dev-security-policy
Here's the summary of the email that was sent today to remind CAs about outdated audit statements for their intermediate certs. Forwarded Message Subject: Summary of May 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 7 May 2019 CA Owner: AC Camerfirma,

Re: Policy 2.7 Proposal: Clarify Revocation Requirements for S/MIME Certificates

2019-05-02 Thread Kathleen Wilson via dev-security-policy
Just want to make it very clear to everyone, that the proposal, to add the following text to section 6 of Mozilla's Root Store Policy would mean that certs constrained to id-kp-emailProtection (end-entity and intermediate), i.e. S/MIME certs, would be subject to the same BR rules and

Re: New intermediate certs and Audit Statements

2019-07-10 Thread Kathleen Wilson via dev-security-policy
On 7/9/19 3:17 PM, Ryan Sleevi wrote: On Tue, Jul 9, 2019 at 5:50 PM Kathleen Wilson via dev-security-policy I propose that to handle this situation, the CA may enter the subordinate CA's current audit statements and use the Public Comment field to indicate that the new certificate

Re: Audit Reminder Email Summary

2019-04-22 Thread Kathleen Wilson via dev-security-policy
Here's the summary of the automated audit reminder email that was sent last week. Forwarded Message Subject: Summary of April 2019 Audit Reminder Emails Date: Tue, 16 Apr 2019 19:00:28 +0000 (GMT) Mozilla: Audit Reminder CA Owner: Global Digital Cybersecurity Authority Co.,

Re: DarkMatter Concerns

2019-07-16 Thread Kathleen Wilson via dev-security-policy
All, Thanks again to all of you who have been providing thoughtful and constructive input into this discussion. As I previously indicated [1], this has been a difficult decision to make. I have been carefully reading and contemplating the input that you all have been providing in this forum.

Re: Audit Reminder Email Summary

2019-07-16 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of July 2019 Audit Reminder Emails Date: Tue, 16 Jul 2019 19:00:29 +0000 (GMT) Mozilla: Overdue Audit Statements CA Owner: LuxTrust Root Certificates: LuxTrust Global Root 2 Standard Audit:

Re: Extending Audit Letter Validation to Intermediate Cert records in CCADB

2019-08-13 Thread Kathleen Wilson via dev-security-policy
On 8/8/19 9:03 AM, Ryan Sleevi wrote: On Wed, Aug 7, 2019 at 6:28 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: I have been working towards extending Audit Letter Validation (ALV) to intermediate certificate records in the CCADB. This is inv

Re: Audit Reminder Email Summary

2019-08-20 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of August 2019 Audit Reminder Emails Date: Tue, 20 Aug 2019 19:00:34 +0000 (GMT) Mozilla: Overdue Audit Statements CA Owner: AC Camerfirma, S.A. Root Certificates: Chambers of Commerce Root - 2008** Global Chambersign Root - 2008** **

Re: Audit Reminders for Intermediate Certs

2019-09-03 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of September 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Sep 2019 14:00:41 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: KPN BV PKIoverheid Organisatie Server CA - G3

Re: Audit Reminder Email Summary

2019-09-17 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of September 2019 Audit Reminder Emails Date: Tue, 17 Sep 2019 19:00:10 +0000 (GMT) Mozilla: Your root is in danger of being removed CA Owner: AC Camerfirma, S.A. Root Certificates: Chambers of Commerce Root - 2008** Global Chambersign

Re: Audit Reminders for Intermediate Certs

2019-08-07 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of August 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 6 Aug 2019 14:01:29 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: Cleverbase ID PKIoverheid Burger CA - G3 SHA-256

Extending Audit Letter Validation to Intermediate Cert records in CCADB

2019-08-07 Thread Kathleen Wilson via dev-security-policy
I have been working towards extending Audit Letter Validation (ALV) to intermediate certificate records in the CCADB. This is involving some changes. I added a field to intermediate cert records called 'Subordinate CA Owner', with help text: "If this certificate does not have the same audit

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-08-07 Thread Kathleen Wilson via dev-security-policy
It's currently only possible for CAs to update the CP/CPS URLs in their CCADB Root Certificate records by opening a "CA Audit Update Request" Case. (Each CCADB Root Certificate page says "CAs cannot modify data for the Root Certificate records. It is verified and maintained by root store

Re: Audit Reminder Email Summary

2019-07-16 Thread Kathleen Wilson via dev-security-policy
On 7/16/19 12:25 PM, Kurt Roeckx wrote: On Tue, Jul 16, 2019 at 12:12:57PM -0700, Kathleen Wilson via dev-security-policy wrote: Mozilla: Overdue Audit Statements CA Owner: LuxTrust Standard Audit Period End Date: 2018-03-30 For the overdue statements, I always see a comment, usually

Re: Audit Reminders for Intermediate Certs

2019-07-15 Thread Kathleen Wilson via dev-security-policy
I apologize for the delay in forwarding this to m.d.s.p -- I was on vacation when this audit reminder email was sent. Forwarded Message Subject: Summary of July 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 2 Jul 2019 14:00:21 +0000 (GMT) CA Owner:

Re: Audit Reminders for Intermediate Certs

2019-10-01 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of October 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 1 Oct 2019 14:00:16 +0000 (GMT) CA Owner: Government of Taiwan, Government Root Certification Authority (GRCA) - Certificate Name: 行政院醫事憑證管理中心 (HCA) SHA-256

New intermediate certs and Audit Statements

2019-07-09 Thread Kathleen Wilson via dev-security-policy
All, There is some confusion about disclosure of new intermediate certs that are issued to subordinate CAs with currently valid audit statements. Section 5.3.2 of Mozilla's Root Store Policy says: "If the CA has a currently valid audit report at the time of creation of the certificate, then

Re: Audit Reminders for Intermediate Certs

2019-11-05 Thread Kathleen Wilson via dev-security-policy
On 4/2/19 1:10 PM, Kathleen Wilson wrote: All, CCADB sends email on the first Tuesday of each month to CAs with outdated audit statements in their intermediate cert records. An audit statement is determined to be outdated when its Audit Period End Date is older than 1 year + 3 months.

Re: Proposal: Add section 5.1 to the Common CCADB Policy

2019-10-31 Thread Kathleen Wilson via dev-security-policy
On 10/31/19 12:52 PM, Ryan Sleevi wrote: Some comparisons, from the Browser/Root Program Alignment proposal circulated at https://github.com/cabforum/documents/compare/master...sleevi:2019-10-Browser_Alignment On Wed, Oct 30, 2019 at 1:52 PM Kathleen Wilson via dev-security-policy <

Re: Proposal: Add section 5.1 to the Common CCADB Policy

2019-10-31 Thread Kathleen Wilson via dev-security-policy
On 10/31/19 2:51 PM, Ryan Sleevi wrote: Thanks, Kathleen. Snipped the other changes (which sound good), and a few replies inline below. On Thu, Oct 31, 2019 at 4:39 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: 2. Full name of

Proposal: Add section 5.1 to the Common CCADB Policy

2019-10-30 Thread Kathleen Wilson via dev-security-policy
All, I will greatly appreciate your thoughtful and constructive feedback on the following proposal to add a section to the Common CCADB Policy, https://www.ccadb.org/policy Proposal: Add section 5.1 to the Common CCADB Policy, as follows. ~~ 5.1 Audit Statement Content CCADB uses an Audit

Re: Proposal: Add section 5.1 to the Common CCADB Policy

2019-12-04 Thread Kathleen Wilson via dev-security-policy
All, Section 5.1 has been added to the CCADB Policy. https://www.ccadb.org/policy#51-audit-statement-content Please let me know if you see any problems with the addition. Thanks, Kathleen ___ dev-security-policy mailing list

Re: Audit Reminders for Intermediate Certs

2019-12-03 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of December 2019 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Dec 2019 15:00:22 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: UZI-register Medewerker niet op naam CA G3

Re: Audit Reminder Email Summary

2019-10-15 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of October 2019 Audit Reminder Emails Date: Tue, 15 Oct 2019 19:00:07 +0000 (GMT) Mozilla: Audit Reminder CA Owner: E-Tugra Root Certificates: E-Tugra Certification Authority Standard Audit:

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-10-15 Thread Kathleen Wilson via dev-security-policy
On 10/8/19 12:50 PM, Kathleen Wilson wrote: CAs, There is now an "Audit Letter Validation (ALV)" button on intermediate certificate records in the CCADB. There is also a new task list item on your home page. In the summary section you will see a line item like the following.

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-10-29 Thread Kathleen Wilson via dev-security-policy
CAs, Here's additional information based on questions I've received about what to do if you determine that an intermediate certificate is not listed in an audit statement that it should have been in. When an intermediate certificate is not listed in all of the necessary audit reports, it is

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-11-19 Thread Kathleen Wilson via dev-security-policy
All, As Ryan points out, root store operators enforce the BRs in different ways. Ryan wrote: > (Writing in an official capacity for the Google/Chrome Root Program) > > Our expectation is that CAs will be filing incident reports for: > 1) The failure to include and document as in-scope within

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-11-20 Thread Kathleen Wilson via dev-security-policy
On 11/19/19 4:59 PM, Kathleen Wilson wrote: Note: I will add a report to wiki.mozilla.org/CA/Intermediate_Certificates to list all of the intermediate certificates that have been added to OneCRL and their revocation status. This will enable the CA Community to identify which certificates

Re: WebTrust direct URLs to PDF audit statements will be down during site update

2019-11-24 Thread Kathleen Wilson via dev-security-policy
All, The CPA Canada site maintenance finished, and we have updated the integration between CCADB and CPA Canada. So the direct URLs to PDF WebTrust audit statements provided via CCADB are working again. (note that those URLs have changed) Please let me know if you run into any problems.

Re: Proposal: Add section 5.1 to the Common CCADB Policy

2019-11-26 Thread Kathleen Wilson via dev-security-policy
All, The proposed section to add to the CCADB Policy (www.ccadb.org/policy) has been updated and is here: https://github.com/mozilla/www.ccadb.org/issues/33#issuecomment-558714086 This is the last call for feedback on it. Thanks, Kathleen ___

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-11-25 Thread Kathleen Wilson via dev-security-policy
On 10/29/19 12:46 PM, Kathleen Wilson wrote: When an intermediate certificate is not listed in all of the necessary audit reports, it is a violation of Mozilla’s Root Store Policy and an incident report[1] must be filed via a Bugzilla Bug which must list the steps your CA is taking to resolve

Re: Proposal: Add section 5.1 to the Common CCADB Policy

2019-11-01 Thread Kathleen Wilson via dev-security-policy
All, The updated proposed section is here: https://github.com/mozilla/www.ccadb.org/issues/33#issuecomment-548884075 Please let me know if you have any further feedback on this proposed addition to the Common CCADB Policy. Thanks, Kathleen ___

Re: Audit Reminder Email Summary

2019-11-19 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of November 2019 Audit Reminder Emails Date: Tue, 19 Nov 2019 20:00:22 +0000 (GMT) Mozilla: Audit Reminder CA Owner: D-TRUST Root Certificates: D-TRUST Root CA 3 2013 D-TRUST Root Class 3 CA 2 2009 D-TRUST Root Class 3 CA 2 EV 2009

WebTrust direct URLs to PDF audit statements will be down during site update

2019-11-20 Thread Kathleen Wilson via dev-security-policy
All, CPA Canada just informed me that the PDF file URLs that we use in the CCADB for WebTrust audits will be down for a while as they perform a site update. You will still be able to access the audit statements via the Seal files on the CA websites during this time. We apologize for the

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-10-09 Thread Kathleen Wilson via dev-security-policy
All, I would like to remind everyone about when these requirements for non-technically-constrained intermediate certificates came into effect for CAs in Mozilla’s program according to previous versions of Mozilla’s Root Store Policy[1] and previous CA Communications[2]. February 2013:

Audit Letter Validation (ALV) on intermediate certs in CCADB

2019-10-08 Thread Kathleen Wilson via dev-security-policy
CAs, There is now an "Audit Letter Validation (ALV)" button on intermediate certificate records in the CCADB. There is also a new task list item on your home page. In the summary section you will see a line item like the following. "Intermediate Certs with Failed ALV Results: 8" When

Re: Audit Reminders for Intermediate Certs

2020-03-03 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of March 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 3 Mar 2020 15:00:16 +0000 (GMT) CA Owner: AC Camerfirma, S.A. - Certificate Name: InfoCert Organization Validation CA 3 SHA-256 Fingerprint:

Re: 1H2020 Symantec Root Updates

2020-02-26 Thread Kathleen Wilson via dev-security-policy
I have filed these three bugs. === Bug #1: Root Removal and Disable Email Trust Bit === https://bugzilla.mozilla.org/show_bug.cgi?id=1618402 Symantec root certs - removal and turning off Email trust bit === Bug #2: Set CKA_NSS_SERVER_DISTRUST_AFTER ===

Re: Audit Reminders for Intermediate Certs

2020-02-04 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of February 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 4 Feb 2020 15:00:09 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: Digidentity BV PKIoverheid Organisatie Server

When to accept/require revised audits for missing cert fingerprints

2020-02-04 Thread Kathleen Wilson via dev-security-policy
All, https://wiki.mozilla.org/CA/Audit_Letter_Validation currently says: "" Acceptable remediation for an intermediate certificate missing BR audits may include one or more of the following: - Have your auditor issue a revised report that includes the intermediate certificate. Note that

Re: When to accept/require revised audits for missing cert fingerprints

2020-02-07 Thread Kathleen Wilson via dev-security-policy
I have updated the "Acceptable remediation" section of https://wiki.mozilla.org/CA/Audit_Letter_Validation#Intermediate_Certificates as follows. I will greatly appreciate your review and input on this. ~~ Acceptable remediation: Remediation may include one of the following when a

Re: Audit Reminder Email Summary

2020-02-18 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of February 2020 Audit Reminder Emails Date: Tue, 18 Feb 2020 20:00:10 +0000 (GMT) Mozilla: Audit Reminder CA Owner: Government of The Netherlands, PKIoverheid (Logius) Root Certificates: Staat der Nederlanden EV Root CA Staat der

1H2020 Symantec Root Updates

2020-02-18 Thread Kathleen Wilson via dev-security-policy
All, I plan to file the following Bugzilla Bugs for changes related to the distrust of the old Symantec root certificates. === Bug #1: Root Removal and Disable Email Trust Bit === This bug will request that the following changes be made to NSS. 1) Remove the following root certs. - Subject:

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-02-20 Thread Kathleen Wilson via dev-security-policy
All, First, I would like to add a personal note that I am truly sorry about the many people, families, and colleagues that are being impacted by the Coronavirus. This is a heartbreaking situation. At Mozilla, our responsibility lies in ensuring people's security and privacy as they navigate

Re: DRAFT January 2020 CA Communication

2020-01-21 Thread Kathleen Wilson via dev-security-policy
On 1/7/20 7:00 PM, Wayne Thayer wrote: Please note that the responses for questions 2, 3, and 5 do not yet properly display the date fields that were recently added. This has been fixed, so now the responses to questions 2, 3, and 5 are provided in one report each. Thanks, Kathleen

Re: Audit Reminder Email Summary

2020-01-21 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of January 2020 Audit Reminder Emails Date: Tue, 21 Jan 2020 20:00:22 +0000 (GMT) From: Mozilla CA Program Manager To: kwil...@mozilla.com Mozilla: Audit Reminder CA Owner: Internet Security Research Group (ISRG) Root

Re: DRAFT January 2020 CA Communication

2020-01-09 Thread Kathleen Wilson via dev-security-policy
On 1/8/20 5:12 AM, Malcolm Doody wrote: AFAICS, for Q5 it looks as if it's *only* displaying the date, and not the associated free-format comments field. This caused me to realize that we have a very simple solution... For Actions 2, 3, and 5, I added separate links to show the Dates that

Re: DRAFT January 2020 CA Communication

2020-01-10 Thread Kathleen Wilson via dev-security-policy
On 1/7/20 7:00 PM, Wayne Thayer wrote: The email has been sent to all CAs in the Mozilla program requesting that they respond to the survey by the end of this month. This communication should have been received by the Primary POC(s) and CA email alias as recorded in the CCADB for CAs with

Re: Audit Letter Validation (ALV) on intermediate certs in CCADB

2020-01-06 Thread Kathleen Wilson via dev-security-policy
On 10/8/19 12:50 PM, Kathleen Wilson wrote: There is now an "Audit Letter Validation (ALV)" button on intermediate certificate records in the CCADB. There is also a new task list item on your home page. I have added the following wiki page to provide instructions about ALV.

Re: About upcoming limits on trusted certificates

2020-03-12 Thread Kathleen Wilson via dev-security-policy
On 3/12/20 5:52 AM, Doug Beattie wrote: Changing the domain validation re-user period is a substantial change from the Apple proposed max validity period change and will place an additional burden on certificate Applicants to update their domain validation more than twice as frequently.

Re: About upcoming limits on trusted certificates

2020-03-11 Thread Kathleen Wilson via dev-security-policy
On 3/11/20 4:37 PM, Paul Walsh wrote: On Mar 11, 2020, at 4:11 PM, Kathleen Wilson via dev-security-policy wrote: On 3/11/20 3:51 PM, Paul Walsh wrote: Can you provide some insight to why you think a shorter frequency in domain validation would be beneficial? [PW] If the owner’s identity

Re: About upcoming limits on trusted certificates

2020-03-11 Thread Kathleen Wilson via dev-security-policy
All, First, I would like to say that my preference would have been for this type of change (limit SSL cert validity period to 398 days) to be agreed to in the CA/Browser Forum and added to the BRs. However, the ball is already rolling, and discussion here in m.d.s.p is supportive of updating

Re: About upcoming limits on trusted certificates

2020-03-11 Thread Kathleen Wilson via dev-security-policy
On 3/11/20 3:51 PM, Paul Walsh wrote: Can you provide some insight to why you think a shorter frequency in domain validation would be beneficial? To start with, it is common for a domain name to be purchased for one year. A certificate owner that was able to prove ownership/control of the

Welcome Ben Wilson to Mozilla!

2020-04-13 Thread Kathleen Wilson via dev-security-policy
All, I am pleased to announce that Ben Wilson has joined Mozilla as a CA Program Manager! Ben has worked in PKI security, compliance, and policy since 1998. Previously, he worked at DigiCert in various roles, including VP of PKI Operations, VP of Compliance, and Chair of DigiCert’s Policy

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-27 Thread Kathleen Wilson via dev-security-policy
All, Just FYI that I updated the CA Incident Dashboard wiki page to separate the audit delay bugs into their own section. https://wiki.mozilla.org/CA/Incident_Dashboard#Audit_Delays Thanks, Kathleen ___ dev-security-policy mailing list

Re: Audit Reminder Email Summary

2020-04-21 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of April 2020 Audit Reminder Emails Date: Tue, 21 Apr 2020 19:00:09 +0000 (GMT) Mozilla: Audit Reminder CA Owner: Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Root Certificates: GDCA

Re: DRAFT May 2020 CA Communication/Survey

2020-05-01 Thread Kathleen Wilson via dev-security-policy
On 5/1/20 10:18 AM, Corey Bonnell wrote: I agree that the intent of item 3 is clear, given the previous discussion on the topic [1]. However, there is no corresponding discussion on the Mozilla list (nor any Github issues [2]) for item 4 and the associated sub-items, which is why I asked for

Re: DRAFT May 2020 CA Communication/Survey

2020-05-05 Thread Kathleen Wilson via dev-security-policy
On 5/4/20 9:31 AM, Corey Bonnell wrote: Thank you very much for the clarifications. If I'm understanding correctly, it sounds like Mozilla is considering to add sub-items of item 4 on the survey as Mozilla Root Program requirements if the associated CAB Forum ballot does not pass. However, there

Re: Audit Reminders for Intermediate Certs

2020-05-05 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of May 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 5 May 2020 14:00:08 +0000 (GMT) CA Owner: SECOM Trust Systems CO., LTD. - Certificate Name: SECOM Passport for Web MH CA SHA-256 Fingerprint:

Re: DRAFT May 2020 CA Communication/Survey

2020-05-08 Thread Kathleen Wilson via dev-security-policy
On 5/7/20 11:33 AM, Kathleen Wilson wrote: > I have drafted a potential CA Communication and survey, and will greatly > appreciate your input on it. > > https://wiki.mozilla.org/CA/Communications#May_2020_CA_Communication > > Direct link to read-only copy of the draft survey: >

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-18 Thread Kathleen Wilson via dev-security-policy
All, I will greatly appreciate your input on the following new "Audit Delay" section. https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay Thanks, Kathleen PS: I moved the content of https://wiki.mozilla.org/CA/Audit_Letter_Validation to https://wiki.mozilla.org/CA/Audit_Statements

Re: Audit Reminder Email Summary

2020-03-17 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of March 2020 Audit Reminder Emails Date: Tue, 17 Mar 2020 19:00:22 +0000 (GMT) Mozilla: Audit Reminder CA Owner: Government of The Netherlands, PKIoverheid (Logius) Root Certificates: Staat der Nederlanden EV Root CA Staat der

Re: About upcoming limits on trusted certificates

2020-03-17 Thread Kathleen Wilson via dev-security-policy
Thanks to all of you who have participated in this discussion. We plan to begin work on a minor update (version 2.7.1) to Mozilla's Root Store Policy soon. In response to this discussion, the following two issues have been created and labelled for 2.7.1. Wayne filed

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-19 Thread Kathleen Wilson via dev-security-policy
On 3/18/20 5:16 PM, Ryan Sleevi wrote: Suggestions: 1) Rename "Audit Delay" to [audit-delay] and rename "Audit Delay COVID-19" to [audit-delay] [covid-19] or [audit-delay-covid-19], depending Rationale: In general, our filters work on word searches, so the brackets help distinguish the

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Kathleen Wilson via dev-security-policy
All, I will greatly appreciate your ideas about the following. In the Minimum Expectations section in https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay I added: "" * Both ETSI and WebTrust Audits must: ** Disclose each location that was included in the scope of the audit, as well as

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-20 Thread Kathleen Wilson via dev-security-policy
On 3/20/20 1:15 PM, Jeremy Rowley wrote: What about issues other than audits? For example, with certain locations closing, key ceremonies may become impossible, leading to downed CRLs/OCSP for intermediates. There's also a potential issue with trusted roles even being able to access the data

Re: COVID-19 and CA Operational Status

2020-03-23 Thread Kathleen Wilson via dev-security-policy
All, If Mozilla decides to ask each CA in our program these types of questions, we will do so via a CA Communication (https://wiki.mozilla.org/CA/Communications). I appreciate Burton's curiosity, but your participation in this particular discussion thread is optional, and will not be

Re: Auditing of CA facilities in lockdown because of an environmental disaster/pandemic

2020-03-23 Thread Kathleen Wilson via dev-security-policy
It's still very much a work-in-progress, but I updated the first bullet point in the "Minimum Expectations" section again. https://wiki.mozilla.org/CA/Audit_Statements#Audit_Delay "" Both ETSI and WebTrust Audits should: - Disclose each location (at the state/province level) that was included

Request to Include Microsec e-Szigno Root CA 2017 and to EV-enable Microsec e-Szigno Root CA 2009

2020-03-09 Thread Kathleen Wilson via dev-security-policy
This request is for inclusion of the Microsec e-Szigno Root CA 2017 trust anchor and to EV-enable the currently included Microsec e-Szigno Root CA 2009 trust anchor as documented in the following bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1445364 BR Self Assessment is here:

Re: Audit Reminders for Intermediate Certs

2020-05-07 Thread Kathleen Wilson via dev-security-policy
On 5/6/20 5:19 AM, Ryan Sleevi wrote: Should we be creating CA incidents for repeats? I wasn’t sure if this was just an administrative hiccup on the Mozilla side in processing the case, or if this is a matter where the CA is not disclosing in a timely fashion. CAs directly add audit

Re: DRAFT May 2020 CA Communication/Survey

2020-05-07 Thread Kathleen Wilson via dev-security-policy
> I have drafted a potential CA Communication and survey, and will greatly > appreciate your input on it. > > https://wiki.mozilla.org/CA/Communications#May_2020_CA_Communication > > Direct link to read-only copy of the draft survey: >

Re: Audit Reminder Email Summary

2020-05-19 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of May 2020 Audit Reminder Emails Date: Tue, 19 May 2020 19:00:17 +0000 (GMT) Mozilla: Audit Reminder CA Owner: Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Root Certificates: GDCA

Re: DRAFT May 2020 CA Communication/Survey

2020-05-01 Thread Kathleen Wilson via dev-security-policy
On 5/1/20 9:48 AM, Corey Bonnell wrote: Hi Kathleen, Thank you for sending out this notification of the draft survey. I have briefly reviewed and would like to ask what is the intent of Item 4 and the associated sub-items? The Browser Alignment draft ballot is under discussion in the CAB

Re: Audit Reminder Email Summary

2020-09-15 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of September 2020 Audit Reminder Emails Date: Tue, 15 Sep 2020 19:00:12 +0000 (GMT) Mozilla: Overdue Audit Statements CA Owner: eMudhra Technologies Limited Root Certificates: emSign Root CA - C1** emSign ECC Root CA - C3** emSign

Re: Add Ben Wilson as Peer of Mozilla's CA Certificates and CA Certificate Policy modules

2020-09-02 Thread Kathleen Wilson via dev-security-policy
On 8/27/20 11:11 AM, Kathleen Wilson wrote: All, I propose adding Ben Wilson as a peer[1] of Mozilla's CA Certificates Module[2] and CA Certificate Policy Module[3]. As you know, Ben and I are distributing the job of running Mozilla's CA Program between us, so Ben will continue to actively work

Re: Audit Reminders for Intermediate Certs

2020-09-01 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of September 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 1 Sep 2020 14:00:20 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA -

Re: Verifying Auditor Qualifications

2020-09-01 Thread Kathleen Wilson via dev-security-policy
On 8/31/20 11:07 AM, Kathleen Wilson wrote: On 8/28/20 3:59 PM, Kathleen Wilson wrote: On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB

Re: Verifying Auditor Qualifications

2020-08-31 Thread Kathleen Wilson via dev-security-policy
On 8/28/20 3:59 PM, Kathleen Wilson wrote: On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB is Accredia - QMSCERT - NAB is Accredia -

Re: PEM of root certs in Mozilla's root store

2020-10-07 Thread Kathleen Wilson via dev-security-policy
On 10/6/20 7:09 PM, Ryan Sleevi wrote: It seems like there should be a link to https://wiki.mozilla.org/CA/FAQ#Can_I_use_Mozilla.27s_set_of_CA_certificates.3F there I added that link to https://wiki.mozilla.org/CA/Included_Certificates Thanks, Kathleen

Re: PEM of root certs in Mozilla's root store

2020-10-14 Thread Kathleen Wilson via dev-security-policy
The text version has been updated to have each line limited to 64 characters. Text: https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Email CSV:

Re: Audit Reminders for Intermediate Certs

2020-10-06 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of October 2020 Outdated Audit Statements for Intermediate Certs Date: Tue, 6 Oct 2020 14:00:25 +0000 (GMT) CA Owner: Government of The Netherlands, PKIoverheid (Logius) - Certificate Name: QuoVadis PKIoverheid Organisatie Server CA - G3

Re: PEM of root certs in Mozilla's root store

2020-10-12 Thread Kathleen Wilson via dev-security-policy
On 10/7/20 1:09 PM, Jakob Bohm wrote: Please note that at least the first CSV download is not really a CSV file, as there are line feeds within each "PEM" value, and only one column.  It would probably be more useful as a simple concatenated PEM file, as used by various software packages as a

Re: Verifying Auditor Qualifications

2020-10-12 Thread Kathleen Wilson via dev-security-policy
On 10/11/20 11:06 PM, Nikolaos Soumelidis wrote: Dear Kathleen, We have been informed by ACCREDIA that the accreditation pages have now been updated to include ETSI EN 319 403. This removes any ambiguity. URLs remain the same; for example, QMSCERT's accreditation:

Re: PEM of root certs in Mozilla's root store

2020-10-07 Thread Kathleen Wilson via dev-security-policy
On 10/7/20 9:30 AM, Matthew Hardeman wrote: Would it be unreasonable to also consider publishing, as an "easy to use" list, that set of only those anchors which are currently trusted in the program and for which no exceptional in-product policy enforcement is imposed? (TLD constraints,

PEM of root certs in Mozilla's root store

2020-10-06 Thread Kathleen Wilson via dev-security-policy
All, I've been asked to publish Mozilla's root store in a way that is easy to consume by downstreams, so I have added the following to https://wiki.mozilla.org/CA/Included_Certificates CCADB Data Usage Terms PEM of Root

Re: CCADB Updates August 20-24: Policy Document Objects

2020-08-25 Thread Kathleen Wilson via dev-security-policy
The CCADB has been updated to enable many-to-many mapping between policy documents and root certificates. If you run into any problems using the CCADB, please send an email to supp...@ccadb.org. We are already working to fix the AllCertificateRecordsCSVFormat report, which is currently

Re: Audit Reminder Email Summary

2020-08-18 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of August 2020 Audit Reminder Emails Date: Tue, 18 Aug 2020 19:00:34 + (GMT) Mozilla: Audit Reminder CA Owner: eMudhra Technologies Limited Root Certificates: emSign Root CA - C1 emSign ECC Root CA - C3 emSign ECC Root CA - G3

Re: CCADB Updates August 20-24: Policy Document Objects

2020-08-26 Thread Kathleen Wilson via dev-security-policy
Here are a couple of clarifications about this CCADB update. Please let me know if you run into any problems or have further questions about it. 1) The multiple-policy-documents feature is only available at the root certificate level. 2) Changes to root certificate records and their policy

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 6/3/20 4:20 PM, Kathleen Wilson wrote: It recently came to my attention that I need to be more diligent in verifying auditor qualifications. https://wiki.mozilla.org/CA/Audit_Statements#Auditor_Qualifications All, While re-verifying auditor qualifications I have run into the following

Re: Verifying Auditor Qualifications

2020-08-28 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 1:41 PM, Kathleen Wilson wrote: The 5 CABs that I haven't been able to complete the Standard Check for are: - Bureau Veritas Italia S.p.A. - NAB is Accredia - CSQA - NAB is Accredia - KIWA - NAB is Accredia - QMSCERT - NAB is Accredia - QSCert - NAB is CAI Update: I received

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 12:35 PM, Nikolaos Soumelidis wrote: One would expect that they would put that in the accreditation documents or references, That helps answer part of my question -- that it is reasonable to expect the NAB's accreditation document to specifically list these ETSI EN standards.

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 2:01 PM, Nikolaos Soumelidis wrote: I will greatly appreciate it if you can reach out to them again. Please let me know what information you would need. Will definitely do. Probably no other information will be needed by you, but I do appreciate the offer. Thanks! Please note

Re: Verifying Auditor Qualifications

2020-08-26 Thread Kathleen Wilson via dev-security-policy
On 8/26/20 12:29 PM, Ben Wilson wrote: This raises the question of whether NABs typically include ETSI EN 319 401, ETSI EN 319 411-1 and ETSI EN 319 411-2 in such CAB certification records. The answer to that question is yes, the other NABs typically do list that information directly in the

Add Ben Wilson as Peer of Mozilla's CA Certificates and CA Certificate Policy modules

2020-08-27 Thread Kathleen Wilson via dev-security-policy
All, I propose adding Ben Wilson as a peer[1] of Mozilla's CA Certificates Module[2] and CA Certificate Policy Module[3]. As you know, Ben and I are distributing the job of running Mozilla's CA Program between us, so Ben will continue to actively work on both of these Modules. Thanks, Kathleen

How to Create an Audit Case in CCADB

2020-08-27 Thread Kathleen Wilson via dev-security-policy
CAs, I have updated the instructions for creating an Audit Case in the CCADB, and have added a video that demonstrates the process. https://www.ccadb.org/cas/updates#instructions Please let me know if you have any questions about the updated process. Thanks, Kathleen

Re: Audit Reminder Email Summary

2020-09-18 Thread Kathleen Wilson via dev-security-policy
On 9/15/20 3:21 PM, Kathleen Wilson wrote: Forwarded Message Subject: Summary of September 2020 Audit Reminder Emails Mozilla: Audit Reminder CA Owner: E-Tugra Root Certificates: E-Tugra Certification Authority Standard Audit:

Re: DRAFT May 2020 CA Communication/Survey

2020-06-01 Thread Kathleen Wilson via dev-security-policy
Thank you to all of you who responded to the May 2020 CA Communication/Survey. Communication/Survey: https://wiki.mozilla.org/CA/Communications#May_2020_CA_Communication Blog Post: https://blog.mozilla.org/security/2020/05/08/may-2020-ca-communication/ Responses:

Re: Audit Reminder Email Summary

2020-10-20 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of October 2020 Audit Reminder Emails Date: Tue, 20 Oct 2020 19:00:26 + (GMT) Mozilla: Audit Reminder CA Owner: Internet Security Research Group (ISRG) Root Certificates: ISRG Root X1** ** Audit Case in the Common CA Database is under

CCADB Proposal: Add field called Full CRL Issued By This CA

2020-10-21 Thread Kathleen Wilson via dev-security-policy
All, Root store operators would like to easily find and use the URLs to the Full CRLs for things like Mozilla’s CRLite. The BRs do not require CRL URLs in end-entity certificates, and many CAs use partitioned CRLs for end-entity certificates. Proposal: Add field called 'Full CRL Issued By
