On Mon, Apr 28, 2014 at 12:04 PM, Kathleen Wilson <[email protected]> wrote:
> 1) Ensure that Mozilla’s spreadsheet of included root certificates has the
> correct link to your most recent audit statement, and that the date of the
> audit statement is correct. As per Mozilla's CA Certificate Policy, we
> require that all CAs whose certificates are distributed with our software
> products provide us an updated statement annually of attestation of their
> conformance to the stated verification requirements and other operational
> criteria by a competent independent party or parties.
>
> Please respond with one of the following:
> A) Mozilla’s spreadsheet of included root certificates has the correct link
> to our most recent audit statement, and the audit statement date is correct.
> B) Here is the most recent audit statement for our certificates that are
> included in Mozilla’s CA program: <insert link here>
> C) We plan to send Mozilla our current audit statement by <insert date
> here>.
>
>
> 2) Send Mozilla the link to your most recent Baseline Requirements audit
> statement. Details about Mozilla's audit requirements are listed in section
> 11 of Mozilla's CA Certificate Inclusion Policy.
>
> Please respond with one of the following:
> A) Mozilla’s spreadsheet of included root certificates has the correct link
> to our most recent Baseline Requirements audit statement.
> B) Here is the most recent Baseline Requirements audit statement for our
> certificates that are included in Mozilla’s CA program: <insert link here>
> C) We plan to send Mozilla our current Baseline Requirements audit statement
> by <insert date here>.
> D) The websites (SSL/TLS) trust bit is not enabled for our certificates that
> are included in Mozilla's CA program.

Both 1) and 2) should probably have an additional option:

- We do not have a current audit for this root. Please remove the root from the Mozilla CA program.

While I would hope that any CA choosing this option would have already provided this information, it is a valid choice.

Thanks,
Peter
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

