Here's a summary of the audit reminder email that was sent today. Note that the email now tells CAs to provide their annual updates via the Common CA Database, as follows.
"Please provide your annual updates via the Common CA Database (CCADB), as described here: https://wiki.mozilla.org/CA:CommonCADatabase#Updating_Audit_Information " Also note that for root certificates with the Websites trust bit enabled, the annual updates must include: 1) Current audit statements 2) Update CP/CPS documents* 3) Test websites (valid, revoked, expired)** * Section 2 of the BRs: The CA SHALL develop, implement, enforce, and *annually update* a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements. ** Section 2.2 of the BRs: The CA SHALL host test Web pages that allow Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, the *CA SHALL host separate Web pages using Subscriber Certificates that are (i) valid, (ii) revoked, and (iii) expired.* -------- Forwarded Message -------- Subject: Summary of March 2017 Audit Reminder Emails Date: Tue, 21 Mar 2017 19:03:58 +0000 (GMT) From: Mozilla CA Program Manager Mozilla: Audit Reminder Root Certificates: SZAFIR ROOT CA2 Standard Audit: https://cert.webtrust.org/SealFile?seal=2018&file=pdf Audit Statement Date: 2016-03-18 BR Audit: https://cert.webtrust.org/SealFile?seal=2018&file=pdf BR Audit Statement Date: 2016-03-18 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: Autoridad de Certificacion Firmaprofesional CIF A62634068 Standard Audit: https://cert.webtrust.org/SealFile?seal=2032&file=pdf Audit Statement Date: 2016-04-11 BR Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809981 BR Audit Statement Date: 2016-08-05 EV Audit: https://bug521439.bmoattachments.org/attachment.cgi?id=8809982 EV Audit Statement Date: 2016-08-05 CA Comments: BR and EV audits have happened, but there are action plans being presented to the auditors. Primary issues are use of UTF8 instead of PrintableString in jurisdictionOfIncorporation, and a recently repealed Spanish law that required privat ____ Mozilla: Audit Reminder Root Certificates: Buypass Class 2 Root CA Buypass Class 3 Root CA Standard Audit: http://www.buypass.no/om-buypass/etsi-102-042/_attachment/33325?_download=true&_ts=14bc532b650 Audit Statement Date: 2016-03-23 BR Audit: http://www.buypass.no/om-buypass/etsi-102-042/_attachment/33325?_download=true&_ts=14bc532b650 BR Audit Statement Date: 2016-03-23 EV Audit: http://www.buypass.no/om-buypass/etsi-102-042/_attachment/33325?_download=true&_ts=14bc532b650 EV Audit Statement Date: 2016-03-23 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: Cybertrust Global Root DigiCert Assured ID Root G2 DigiCert Assured ID Root G3 DigiCert Global Root G2 DigiCert Global Root G3 DigiCert High Assurance EV Root CA DigiCert Trusted Root G4 Standard Audit: https://cert.webtrust.org/SealFile?seal=2165&file=pdf Audit Statement Date: 2016-10-24 Standard Audit: https://cert.webtrust.org/SealFile?seal=2020&file=pdf Audit Statement Date: 2016-06-27 BR Audit: https://cert.webtrust.org/SealFile?seal=2016&file=pdf BR Audit Statement Date: 2016-03-18 BR Audit: https://cert.webtrust.org/SealFile?seal=2021&file=pdf BR Audit Statement Date: 2016-06-27 EV Audit: https://cert.webtrust.org/SealFile?seal=2166&file=pdf EV Audit Statement Date: 2016-10-24 EV Audit: https://cert.webtrust.org/SealFile?seal=2022&file=pdf EV Audit Statement Date: 2016-04-07 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: Hongkong Post Root CA 1 Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8732899 Audit Statement Date: 2016-02-26 BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8746166 BR Audit Statement Date: 2016-03-31 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: QuoVadis Root CA 1 G3 QuoVadis Root CA 2 QuoVadis Root CA 2 G3 QuoVadis Root CA 3 QuoVadis Root CA 3 G3 QuoVadis Root Certification Authority Standard Audit: https://cert.webtrust.org/SealFile?seal=2013&file=pdf Audit Statement Date: 2016-03-28 BR Audit: https://cert.webtrust.org/SealFile?seal=2011&file=pdf BR Audit Statement Date: 2016-03-28 EV Audit: https://cert.webtrust.org/SealFile?seal=2012&file=pdf EV Audit Statement Date: 2016-03-28 CA Comments: https://www.wisekey.com/investors_press-release/wisekey-sixwihn-signs-letter-of-intent-to-acquire-quovadis-consolidating-certification-authority-power-for-eidas-and-iot ____ Mozilla: Audit Reminder Root Certificates: SwissSign Gold CA - G2 SwissSign Platinum CA - G2 SwissSign Silver CA - G2 Standard Audit: https://bug343756.bmoattachments.org/attachment.cgi?id=8781268 Audit Statement Date: 2016-03-18 BR Audit: https://bug343756.bmoattachments.org/attachment.cgi?id=8781268 BR Audit Statement Date: 2016-03-18 EV Audit: https://bug343756.bmoattachments.org/attachment.cgi?id=8781268 EV Audit Statement Date: 2016-03-18 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: Trustis Limited - Trustis FPS Root CA Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8745582 Audit Statement Date: 2016-02-03 BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8745582 BR Audit Statement Date: 2016-02-03 CA Comments: null ____ Mozilla: Audit Reminder Root Certificates: Amazon Root CA 3 Amazon Root CA 2 Starfield Services Root Certificate Authority - G2 Amazon Root CA 1 Amazon Root CA 4 Standard Audit: https://cert.webtrust.org/SealFile?seal=1998&file=pdf Audit Statement Date: 2016-02-24 BR Audit: https://cert.webtrust.org/SealFile?seal=1999&file=pdf BR Audit Statement Date: 2016-02-24 EV Audit: https://cert.webtrust.org/SealFile?seal=2000&file=pdf EV Audit Statement Date: 2016-02-24 CA Comments: null ____ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

