Hi Rob, I'm doing acceptance testing on the changes, and then we should be good to go. Give me a couple of hours. Thanks, Ben
On Thu, Sep 15, 2022 at 7:07 AM 'Rob Stradling' via [email protected] <[email protected]> wrote: > > Please do not modify data in the CCADB during this update. > > There will be an "Under Construction" message on the CCADB home page, > and I will post another update here when the changes have been completed > and verified. > > Hi Kathleen. Do you know when these changes are expected to be completed > and verified? > > The "Under Construction" message is still on the CCADB home page and your > message was posted well over 24 hours ago. "Please do not modify data in > the CCADB during this update" is problematic, because > https://www.ccadb.org/policy#4-intermediate-certificates requires CAs to > modify certain data in the CCADB "within 24 hours for a security > incident". > > I don't have a security incident to declare, but I do need to add some new > intermediate certificates that were issued earlier today "within 7 days". > > ------------------------------ > *From:* [email protected] <[email protected]> > on behalf of Kathleen Wilson <[email protected]> > *Sent:* 14 September 2022 02:00 > *To:* [email protected] <[email protected]> > *Subject:* CCADB Update: "Add/Update Root Request” Case type > > > CAUTION: This email originated from outside of the organization. Do not > click links or open attachments unless you recognize the sender and know > the content is safe. > > All, > > The CCADB is being updated to introduce a new Case type called “Add/Update > Root Request”, which will replace the existing “CA Audit Update Request” > and “CA Information Update Request (Non-Audit)” Case types. > > Please do not modify data in the CCADB during this update. > > There will be an "Under Construction" message on the CCADB home page, and > I will post another update here when the changes have been completed and > verified. > > In the "Add/Update Root Request > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1ttmeeqO6WxDWe_deDNsGUgDO_LpsvoduFNZeHHMw_f8%2Fedit%3Fusp%3Dsharing&data=05%7C01%7Crob%40sectigo.com%7C06c64ea370c347dffa3008da95ec875b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637987140370976603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=KzoFbFGAKHPGcawqq5m4FY2bmPu7bHFirBaheXCqUxQ%3D&reserved=0>" > case we are also: > > 1. Adding a way for CAs to use this new case type to have new root > certificate records created in the CCADB > > 2. Adding a tab called "ROOT INFORMATION", where CAs can provide key > generation reports and information about the intended CA hierarchy. > 3. Updating Root Certificate records to add more fields. > > 4. Updating Intermediate Certificate records to remap EKU to Derived Trust > Bits. > > Our next project will be to revamp the workflow and UI for Root Inclusion > Cases. The idea being that a CA will use the "Add/Update Root Request" case > type to add records for their new root certificates, and maintain the > corresponding policy documents and audit statements there. Separately, the > CA can then create the requests for root stores to include those root > certificates. This new workflow should: > > + Be much easier for CAs to use > > + Enable CAs to request inclusion in multiple root stores without having > to provide the data multiple times > > + Reduce duplication of data in the CCADB, which currently results in > outdated information in Cases – the root inclusion case (which can be open > for multiple years) will refer to (not copy) the data in the CA Owner and > relevant Root Certificate records. > > Thanks, > > Kathleen > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/7c1fd293-2197-4382-8e10-472d7d3e4222n%40mozilla.org > <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2F7c1fd293-2197-4382-8e10-472d7d3e4222n%2540mozilla.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=05%7C01%7Crob%40sectigo.com%7C06c64ea370c347dffa3008da95ec875b%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637987140370976603%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YuhfgzuJ%2FxNg8YJtIVDXA4r7HpyCyj0L0iVttz1ED3M%3D&reserved=0> > . > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729CC3122B90478B1C8F13AAA499%40MW4PR17MB4729.namprd17.prod.outlook.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB4729CC3122B90478B1C8F13AAA499%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaa09zdu%2BC9vxoNhEgZdh5aE-rUkJTbjBsxie1yX%2BBh%2B9Q%40mail.gmail.com.
