Hi. This is a friendly reminder about the recent Mozilla Root Store Policy update[1] that was communicated in ITEM 7 (Publicly Disclose Intermediate CA Certificates capable of Issuing TLS or SMIME...in the CCADB by July 1, 2022, even if they are technically constrained) of the May 2022 CA Communication and Survey.
Today I've updated https://crt.sh/mozilla-disclosures to bring it in line with this Policy update. crt.sh currently knows of 40 technically-constrained CA certificates [2] that are "capable of issuing working server or email certificates" but that have not yet been disclosed to the CCADB. Since some of these CA certificates were issued by CAs whose response to ITEM 7 was "The CCADB already contains all our CA certificates capable of issuing working server or email certificates, including those that are technically constrained" [3], I would like to encourage CA operators to take another look at this topic to ensure that their CA is compliant by the upcoming July 1st deadline. [1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#5-certificates:~:text=Name%2Dconstrained%20CA%20certificates%20that%20are%20technically%20capable%20of%20issuing%20working%20server%20or%20email%20certificates%20that%20were%20exempt%20from%20disclosure%20in%20previous%20versions%20of%20this%20policy%20MUST%20be%20disclosed%20in%20the%20CCADB%20prior%20to%20July%201%2C%202022. [2] https://crt.sh/mozilla-disclosures#constrained [3] https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00175,Q00176 ________________________________ From: [email protected] <[email protected]> on behalf of Ben Wilson <[email protected]> Sent: 16 May 2022 21:50 To: [email protected] <[email protected]> Subject: Re: Draft May 2022 CA Communication and Survey CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. All, I'm going to hit "send" on the May 2022 CA Communication and Survey this afternoon. CA responses will be made available at https://wiki.mozilla.org/CA/Communications#May_2022_Responses<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FCommunications%23May_2022_Responses&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o8cs1J2%2BoSjajaBdHB4AXTlT%2BKDysCagM4sJhh%2BI6R4%3D&reserved=0>. Thanks, Ben On Thu, May 12, 2022 at 2:43 PM Ben Wilson <[email protected]<mailto:[email protected]>> wrote: All, Please review and provide feedback on the following draft of the May 2022 CA Communication and Survey that we plan to send to CAs in the Mozilla root store: https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a058Z000013UmsDQAS<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozillacommunications%2FCACommunicationSurveySample%3FCACommunicationId%3Da058Z000013UmsDQAS&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OuUq3Lm2SuiIS6N3r8GqYOLs%2FQ%2Bt%2F19yII0p09p%2F46s%3D&reserved=0> Thanks, Ben -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaY8Ew-JW0k%2B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%3Dw%40mail.gmail.com<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2FCA%252B1gtaY8Ew-JW0k%252B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%253Dw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0aqSWQnBKGKiuRZDBZvHYfMLnNd%2FCDCY5hMhNbnU9ZQ%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729D9ABE96ABF0BD80990C6AAB49%40MW4PR17MB4729.namprd17.prod.outlook.com.
