On 21/10/2016 00:24, Gervase Markham wrote:
On 20/10/16 15:05, Kathleen Wilson wrote:
You are receiving this email because our records indicate that there
are non-technically-constrained intermediate certificates that chain
up to your root certificates that are included in Mozilla’s program
that have not been entered into the CA Community in Salesforce.
Please complete this requirement by November 14, 2016.
I don't think we should set another deadline. We should remind them that
the deadline was June, tell them to do it ASAP, and warn them that we
could begin discussions about taking action at any time.
of Mozilla's CA Certificate Inclusion Policy, you are required to
provide public-facing documentation about the certificate
verification requirements and annual public attestation of
conformance to said requirements.
There is an open question, raised by Peter Bowen in CAB Forum, of what
to do about intermediate CAs which were created since the last audit. We
should work out what to do about that, at least in the short term,
before sending this message.
I think this could be covered together with the other issue you
mentioned by a text similar to:
For CA certificates signed or cross signed after the June deadline,
there is an ongoing requirement to enter them within ? calendar days
(?? hours) after signing them, preferably earlier.
For all the CA certificates entered in SalesForce, there is an ongoing
requirement to keep the information up to date, e.g. when there are
updates to audit reports, policy documents, ownership etc. Generally
within ?? calendar days (??? hours) after these changes occur. In
particular, changes of ownership should be reported as soon as they are
operational facts, even if the legal process of ownership change has
not yet completed.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
