All,

Historically, Mozilla has required that CAs perform an annual Self-Assessment of their compliance with the CA/Browser Forum's TLS Baseline Requirements and Mozilla's Root Store Policy (MRSP). See https://wiki.mozilla.org/CA/Compliance_Self-Assessment. While there has not been any requirement that CAs submit their self-assessments to Mozilla, several CAs have made it a practice to do so.

We would like to propose that the operators of TLS CAs (those with the websites trust bit enabled) be required to submit these self-assessments annually by providing a link to them in the Common CA Database (CCADB). Therefore, we are proposing a new section 3.4 in the MRSP to read as follows:

---- Begin Draft for MRSP-----

3.4 Compliance Self-Assessments

Effective January 1, 2024, CA operators with CA certificates capable of issuing working TLS server certificates MUST complete a [Compliance Self-Assessment](https://www.ccadb.org/cas/self-assessment) at least every 365 days and provide the Common CA Database with the location where that Compliance Self-Assessment can be retrieved.

----- End Draft for MRSP -----

The effective date of January 1, 2024, is not intended to result in a huge batch of self-assessments being submitted that day. Rather, we would hope that CAs begin providing the locations of their self-assessments as soon as possible by completing the "Self-Assessment" section under the "Root Information" tab of an Add/Update Root Case in the CCADB <https://www.ccadb.org/cas/updates>. (The field for this information already exists in the CCADB under the heading "Self-Assessment".)

Please provide any comments or suggestions.

Thanks,

Ben and Kathleen
