Here's updated templates.
I took specific time frame information out of the templates, so that we
can tweak the time frames by just changing the program (and not the
templates). This will allow us to start out more lenient to account for
the fact that I haven't done the manual process for a while. Then we can
shrink the time frames as we get this automated and better kept up-to-date.
== Audit statements due ==
To: <Alias1 and Alias2. If Alias1 and 2 are blank then the primary POC
and CC POC(s)>
Subject: Mozilla Audit Reminder
Dear Certification Authority,
This is a courtesy reminder from Mozilla that updated audit statements
are due for the following root certificates:
- <Root Cert Name 1>
- <Root Cert Name 2>
- <Root Cert Name 3> etc
Here is the audit statement information we have for these root certificates.
Audit: <Standard Audit>
Audit Statement Date: <Standard Audit Statement Date>
BR Audit: <BR Audit>
BR Audit Statement Date: <BR Audit Statement Date>
EV Audit: <EV Audit>
EV Audit Statement Date: <EV Audit Statement Date>
As per Mozilla's CA Certificate Maintenance Policy, we require that all
CAs whose certificates are distributed with our software products
provide us an updated statement annually of attestation of their
conformance to the stated verification requirements and other
operational criteria by a competent independent party or parties.
To notify us of an updated statement of attestation, send email to
[email protected] or submit a bug report into the mozilla.org
Bugzilla system, filed against the "CA Certificates" component of the
"mozilla.org" product. If you are not proactively sending Mozilla your
updated audit statements, please create a process to do so.
This is an automated email that will be sent regularly until the audit
statements have been updated in our records.
Regards,
Kathleen Wilson, Module Owner of Mozilla's CA Certificates Module
==
== Overdue ==
To: <Alias1 and Alias2 *and* the primary POC and CC POC(s)
Subject: Mozilla: Overdue Audit Statements
Dear Certification Authority,
Updated audit statements are overdue for the following root
certificates. If you do not respond promptly with updated audit
information, a Mozilla representative will file a Bugzilla Bug and start
a discussion in the mozilla.dev.security.policy discussion forum to
record that audit statements are past due for these root certificates.
- <Root Cert Name 1>
- <Root Cert Name 2>
- <Root Cert Name 3> etc
Here is the audit statement information we have for these root certificates.
Audit: <Standard Audit>
Audit Statement Date: <Standard Audit Statement Date>
BR Audit: <BR Audit>
BR Audit Statement Date: <BR Audit Statement Date>
EV Audit: <EV Audit>
EV Audit Statement Date: <EV Audit Statement Date>
As per Mozilla's CA Certificate Maintenance Policy, we require that all
CAs whose certificates are distributed with our software products
provide us an updated statement annually of attestation of their
conformance to the stated verification requirements and other
operational criteria by a competent independent party or parties. A
failure to provide required updates in a timely manner are grounds for
disabling a CA’s root certificates or removing them from Mozilla
products. According to the policy "a timely manner" means within 30 days
of when the appropriate documentation becomes available to the CA.
To notify us of an updated statement of attestation, send email to
[email protected] or submit a bug report into the mozilla.org
Bugzilla system, filed against the "CA Certificates" component of the
"mozilla.org" product. If you are not proactively sending Mozilla your
updated audit statements, please create a process to do so.
This is an automated email that will be sent regularly until the audit
statements have been updated in our records.
Regards,
Kathleen Wilson, Module Owner of Mozilla's CA Certificates Module
==
== Danger of root being removed ==
To: <Alias1 and Alias2 *and* the primary POC and CC POC(s)
Subject: Mozilla: Your root is in danger of being removed
Dear Certification Authority,
Your root certificates as listed below are in danger of being removed
from Mozilla's root store, because the audit statements that we have on
record are very old. If you do not respond promptly with updated audit
information, we will initiate the process of removing these root
certificates.
- <Root Cert Name 1>
- <Root Cert Name 2>
- <Root Cert Name 3> etc
Here is the audit statement information we have for these root certificates.
Audit: <Standard Audit>
Audit Statement Date: <Standard Audit Statement Date>
BR Audit: <BR Audit>
BR Audit Statement Date: <BR Audit Statement Date>
EV Audit: <EV Audit>
EV Audit Statement Date: <EV Audit Statement Date>
As per Mozilla's CA Certificate Maintenance Policy, we require that all
CAs whose certificates are distributed with our software products
provide us an updated statement annually of attestation of their
conformance to the stated verification requirements and other
operational criteria by a competent independent party or parties. A
failure to provide required updates in a timely manner are grounds for
disabling a CA’s root certificates or removing them from Mozilla
products. According to the policy "a timely manner" means within 30
days of when the appropriate documentation becomes available to the CA.
To notify us of an updated statement of attestation, send email to
[email protected] or submit a bug report into the mozilla.org
Bugzilla system, filed against the "CA Certificates" component of the
"mozilla.org" product. If you are not proactively sending Mozilla your
updated audit statements, please create a process to do so.
This is an automated email that will be sent regularly until the audit
statements have been updated in our records or the corresponding root
certificates have been disabled or removed from NSS.
Regards,
Kathleen Wilson, Module Owner of Mozilla's CA Certificates Module
==
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
