Hi Rob,
I believe the requirement does not include the disclosure of Revoked
subCAs as they are not /"technically capable of issuing working server
or email certificates"/.
Thanks,
Dimitris.
On 24/6/2022 3:13 μ.μ., 'Rob Stradling' via
[email protected] wrote:
Hi. This is a friendly reminder about the recent Mozilla Root Store
Policy update[1] that was communicated in ITEM 7 /(Publicly Disclose
Intermediate CA Certificates capable of Issuing TLS or SMIME...in the
CCADB *by July 1, 2022, **even if they are technically
constrained*)/ of the May 2022 CA Communication and Survey.
Today I've updated https://crt.sh/mozilla-disclosures to bring it in
line with this Policy update.
crt.sh currently knows of 40 technically-constrained CA certificates
[2] that are /"capable of issuing working server or email
certificates"/but that have not yet been disclosed to the CCADB.
Since some of these CA certificates were issued by CAs whose response
to ITEM 7 was /"The CCADB already contains all our CA certificates
capable of issuing working server or email certificates, including
those that are technically constrained"/ [3], I would like to
encourage CA operators to take another look at this topic to ensure
that their CA is compliant by the upcoming July 1^st deadline.
[1]
https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#5-certificates:~:text=Name%2Dconstrained%20CA%20certificates%20that%20are%20technically%20capable%20of%20issuing%20working%20server%20or%20email%20certificates%20that%20were%20exempt%20from%20disclosure%20in%20previous%20versions%20of%20this%20policy%20MUST%20be%20disclosed%20in%20the%20CCADB%20prior%20to%20July%201%2C%202022.
[2] https://crt.sh/mozilla-disclosures#constrained
[3]
https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00175,Q00176
<https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00175,Q00176>
------------------------------------------------------------------------
*From:* [email protected]
<[email protected]> on behalf of Ben Wilson
<[email protected]>
*Sent:* 16 May 2022 21:50
*To:* [email protected] <[email protected]>
*Subject:* Re: Draft May 2022 CA Communication and Survey
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender
and know the content is safe.
All,
I'm going to hit "send" on the May 2022 CA Communication and Survey
this afternoon. CA responses will be made available at
https://wiki.mozilla.org/CA/Communications#May_2022_Responses
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FCommunications%23May_2022_Responses&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o8cs1J2%2BoSjajaBdHB4AXTlT%2BKDysCagM4sJhh%2BI6R4%3D&reserved=0>.
Thanks,
Ben
On Thu, May 12, 2022 at 2:43 PM Ben Wilson <[email protected]> wrote:
All,
Please review and provide feedback on the following draft of the
May 2022 CA Communication and Survey that we plan to send to CAs
in the Mozilla root store:
https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a058Z000013UmsDQAS
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozillacommunications%2FCACommunicationSurveySample%3FCACommunicationId%3Da058Z000013UmsDQAS&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OuUq3Lm2SuiIS6N3r8GqYOLs%2FQ%2Bt%2F19yII0p09p%2F46s%3D&reserved=0>
Thanks,
Ben
--
You received this message because you are subscribed to the Google
Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaY8Ew-JW0k%2B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%3Dw%40mail.gmail.com
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2FCA%252B1gtaY8Ew-JW0k%252B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%253Dw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0aqSWQnBKGKiuRZDBZvHYfMLnNd%2FCDCY5hMhNbnU9ZQ%3D&reserved=0>.
--
You received this message because you are subscribed to the Google
Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729D9ABE96ABF0BD80990C6AAB49%40MW4PR17MB4729.namprd17.prod.outlook.com
<https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729D9ABE96ABF0BD80990C6AAB49%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/c939f05d-1da2-471c-7b32-9cc423e14d3a%40it.auth.gr.
