Should anything be mentioned about the allowed algorithms? That's the largest 
change to the policy and confirming the AlgorithmIdentifiers in each case may 
take some time.

-----Original Message-----
From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On 
Behalf Of Wayne Thayer via dev-security-policy
Sent: Thursday, December 19, 2019 10:10 AM
To: mozilla-dev-security-policy <mozilla-dev-security-pol...@lists.mozilla.org>
Subject: DRAFT January 2020 CA Communication

All,

I've drafted a new email and survey that I plan to send to all CAs in the 
Mozilla program in early January. It focuses on compliance with the new
(2.7) version of our Root Store Policy. I will appreciate your review and 
feedback on the draft:
https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003waNOW

Note that two deadlines have been added to the communication:
* Action 3 specifies that CAs must agree to update their CP/CPS, if needed to 
comply, prior to April 1, 2020. This is intended to prevent responses that we 
have found unacceptable in the past, e.g. waiting for an annual audit before 
updating the CP/CPS.
* Action 5 requires CAs with failed Intermediate ALV results to publish a plan 
to correct these problems no later than Feb 15, 2020. Kathleen announced that 
we have begun validating audit letters for intermediate certificates back in 
October [1], and the requirement for audit statements to contain the SHA256 
fingerprint of each root and intermediate certificate that was in scope of the 
audit dates back to 2017. CAs should have already taken action to resolve these 
issues, so this deadline is intended to convey the need for an immediate 
response.

- Wayne

[1]
https://groups.google.com/d/msg/mozilla.dev.security.policy/M7NGwCh14DI/ZPDMRvDzBQAJ
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
