I've given the new version [1] another review, updated a few links, and set
the effective date to 1-January 2020.

Unless there are new comments on this or any of the other changes [2], I
will have the new version published in the next few weeks. I'll also be
preparing a CA Communication to announce the new policy and specific
compliance dates.

- Wayne

[1] https://github.com/mozilla/pkipolicy/blob/2.7/rootstore/policy.md
[2] https://github.com/mozilla/pkipolicy/compare/master...2.7?diff=split

On Wed, Nov 20, 2019 at 3:21 PM Wayne Thayer <wtha...@mozilla.com> wrote:

> The last change I am proposing for version 2.7 of the Mozilla Root Store
> policy is an update to the minimum versions of audit criteria that we will
> accept in audits. I have conferred with the WebTrust Task Force and was
> informed that we can update the minimum version requirements for audit
> statements received after December 2019 as follows:
>
> WebTrust for CA – instead of v2.0 use v2.2
> WebTrust for BL+NSR – instead of v2.2 use v2.4.1
> WebTrust for EVSSL – instead of v1.6.0 use v1.6.8
>
> I asked the same question to ETSI representatives and was told that the
> following changes are appropriate:
>
> ETSI EN 319 411-1 - instead of v1.1.1 use v1.2.2
> ETSI EN 319 411-2 - instead of v2.1.1 use v2.2.2
>
> I have made these changes at
> https://github.com/mozilla/pkipolicy/commit/f605b39ccd9d1000ecebbfc028ab99aafae73d33
> (I also update the links in a later commit)
>
> This is https://github.com/mozilla/pkipolicy/issues/197
>
> I will greatly appreciate everyone's feedback - especially from any CAs or
> auditors for which these changes may cause problems.
>
> - Wayne
>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to