Hi Rufus, If you can point us to the specific messages of the thread, it would be really helpful.
Thanks, DZ. Jun 24, 2022 21:13:05 Buschart, Rufus <[email protected]>: > Hi! > > Remembering the discussion while creating this policy sentence, I think it > was never the intend to include expired or revoked ICAs in CCADB. > > /Rufus > > *From:* 'Stephen Davidson' via [email protected] > <[email protected]> > *Sent:* Friday, 24 June 2022 19:48 > *To:* Dimitris Zacharopoulos <[email protected]>; Rob Stradling > <[email protected]>; [email protected] <[email protected]> > *Subject:* RE: Draft May 2022 CA Communication and Survey > > Hello: > > I agree with Dimitris. The CAs I am familiar with on your list were revoked > before there was a requirement for them to be disclosed in CCADB, and in any > case do not have remaining leaf certificates within their respective validity > periods. In short, the CAs are not capable of issuing working certs today, > and none of their previous leaf certs should be working. > > Also, a number of those CAs are email. Is oneCRL used for non-TLS? > > It would be helpful for a policy clarification if there is a new requirement > to report ICAs that were discontinued before the respective CCADB > requirements. It is potentially a large number of CAs. > > Regards, Stephen > > *From:* [email protected] <[email protected]> *On > Behalf Of *Dimitris Zacharopoulos > *Sent:* Friday, June 24, 2022 9:27 AM > *To:* Rob Stradling <[email protected]>; [email protected] > <[email protected]> > *Subject:* Re: Draft May 2022 CA Communication and Survey > > Hi Rob, > > I believe the requirement does not include the disclosure of Revoked subCAs > as they are not /"technically capable of issuing working server or email > certificates"/. > > > Thanks, > Dimitris. > > > On 24/6/2022 3:13 μ.μ., 'Rob Stradling' via [email protected] > wrote: > > Hi. This is a friendly reminder about the recent Mozilla Root Store Policy > update[1] that was communicated in ITEM 7 /(Publicly Disclose Intermediate CA > Certificates capable of Issuing TLS or SMIME...in the CCADB *by July 1, 2022, > even if they are technically constrained*)/ of the May 2022 CA Communication > and Survey. > > Today I've updated https://crt.sh/mozilla-disclosures to bring it in line > with this Policy update. > > crt.sh currently knows of 40 technically-constrained CA certificates [2] that > are /"capable of issuing working server or email certificates"/ but that have > not yet been disclosed to the CCADB. Since some of these CA certificates > were issued by CAs whose response to ITEM 7 was /"The CCADB already contains > all our CA certificates capable of issuing working server or email > certificates, including those that are technically constrained"/ [3], I would > like to encourage CA operators to take another look at this topic to ensure > that their CA is compliant by the upcoming July 1st deadline. > > [1] > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#5-certificates:~:text=Name%2Dconstrained%20CA%20certificates%20that%20are%20technically%20capable%20of%20issuing%20working%20server%20or%20email%20certificates%20that%20were%20exempt%20from%20disclosure%20in%20previous%20versions%20of%20this%20policy%20MUST%20be%20disclosed%20in%20the%20CCADB%20prior%20to%20July%201%2C%202022. > > [2] https://crt.sh/mozilla-disclosures#constrained > > [3] > https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00175,Q00176 > > ---------------------------------------- > > *From:* [email protected] <[email protected]> on > behalf of Ben Wilson <[email protected]> > *Sent:* 16 May 2022 21:50 > *To:* [email protected] <[email protected]> > *Subject:* Re: Draft May 2022 CA Communication and Survey > > > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > All, > > I'm going to hit "send" on the May 2022 CA Communication and Survey this > afternoon. CA responses will be made available at > https://wiki.mozilla.org/CA/Communications#May_2022_Responses[https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.mozilla.org%2FCA%2FCommunications%23May_2022_Responses&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=o8cs1J2%2BoSjajaBdHB4AXTlT%2BKDysCagM4sJhh%2BI6R4%3D&reserved=0]. > > Thanks, > > Ben > > On Thu, May 12, 2022 at 2:43 PM Ben Wilson <[email protected]> wrote: > > All, > > Please review and provide feedback on the following draft of the May 2022 CA > Communication and Survey that we plan to send to CAs in the Mozilla root > store: > > https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a058Z000013UmsDQAS[https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fccadb-public.secure.force.com%2Fmozillacommunications%2FCACommunicationSurveySample%3FCACommunicationId%3Da058Z000013UmsDQAS&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OuUq3Lm2SuiIS6N3r8GqYOLs%2FQ%2Bt%2F19yII0p09p%2F46s%3D&reserved=0] > > Thanks, > > Ben > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaY8Ew-JW0k%2B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%3Dw%40mail.gmail.com[https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2FCA%252B1gtaY8Ew-JW0k%252B5bzZc-2OGZtHQOb2J-yChCYwh0DDic59%253Dw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7Cbb2c24cb91ff4d55ac8c08da377db30a%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637883311610867187%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0aqSWQnBKGKiuRZDBZvHYfMLnNd%2FCDCY5hMhNbnU9ZQ%3D&reserved=0]. > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729D9ABE96ABF0BD80990C6AAB49%40MW4PR17MB4729.namprd17.prod.outlook.com[https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729D9ABE96ABF0BD80990C6AAB49%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer]. > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/c939f05d-1da2-471c-7b32-9cc423e14d3a%40it.auth.gr[https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/c939f05d-1da2-471c-7b32-9cc423e14d3a%40it.auth.gr?utm_medium=email&utm_source=footer]. > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/BL1PR14MB5143238208925BBDB2B6F61CE5B49%40BL1PR14MB5143.namprd14.prod.outlook.com[https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/BL1PR14MB5143238208925BBDB2B6F61CE5B49%40BL1PR14MB5143.namprd14.prod.outlook.com?utm_medium=email&utm_source=footer]. > > -- > You received this message because you are subscribed to the Google Groups > "[email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/AM8PR10MB46584E0DF31EA236798FBC569EB49%40AM8PR10MB4658.EURPRD10.PROD.OUTLOOK.COM[https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/AM8PR10MB46584E0DF31EA236798FBC569EB49%40AM8PR10MB4658.EURPRD10.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer]. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f21532a0-d395-4d28-ae46-5a3494623924%40it.auth.gr.
