I have moved the draft of the April 2017 CA Communication to production, so the link has changed to:
https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000003WrzBC It is also available here: https://wiki.mozilla.org/CA:Communications#April_2017 Note to CAs: The survey is now visible in the CCADB via the "CA Communications (Page)" tab, but DO NOT TAKE THE SURVEY YET. You will not be able to submit your survey answers until I update the "Expiration Date" to a date in the future. I will do this when the survey is ready to be sent. Notable changes in this version: 1) Added free text Comments boxes to many of the action items. 2) Added ACTION 14: CERTIFICATE VALIDITY PERIODS IN TLS/SSL CERTS 3) Updated the last two bullet points in ACTION 5... + The word "clean" must be included in audit statements for which no problems were noted. + For ETSI - the attestation should additionally state that the audit was a full audit, and must indicate which parts of the criteria applied (e.g. DVCP, OVCP, NCP, NCP+, LCP, EVCP, EVCP+, QCP-w, Part1 (General Requirements), Part 2 (Requirements for trust services Providers issuing EU qualified certificates)). 4) Moved the "respond by" date to April 28. Please let me know asap if you see any problems, typos, etc. in this version. I would like to send this CA Communication next week. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
