On 4/2/19 1:10 PM, Kathleen Wilson wrote:
All,
CCADB sends email on the first Tuesday of each month to CAs with
outdated audit statements in their intermediate cert records. An audit
statement is determined to be outdated when its Audit Period End Date is
older than 1 year + 3 months.
https://wiki.mozilla.org/CA/Email_templates#Outdated_Audit_Statements_for_Intermediate_Certificates
Below is the summary of the email that was sent today.
Kathleen
-------- Forwarded Message --------
Subject: Summary of November 2019 Outdated Audit Statements for
Intermediate Certs
Date: Tue, 5 Nov 2019 15:00:05 +0000 (GMT)
____
At this time, there appears to be no outdated audit statements for
intermediate certs chaining up to root certs in Mozilla's program.
Thanks,
Kathleen
PS: This only applies to audit statements that have been provided in the
CCADB for intermediate cert records. According to Audit Letter
Validation (ALV), there are still many intermediate certs for which
their SHA-256 Fingerprints are not being found in the required audit
statements. This could either be due to ALV not finding the data that is
actually there or due to the intermediate cert not having the required
audits provided in the CCADB.
The discussion about ALV on intermediate certs may be found here:
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/M7NGwCh14DI
The discussion about adding SHA-256 formatting requirements to the CCADB
Policy may be found here:
https://groups.google.com/d/msg/mozilla.dev.security.policy/kiSKeeBMVWQ/fvmfsU2XDgAJ
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
