Hi Rob, Thank you for your attention to detail. That was not deliberate and has since been resolved.
Thanks again! -Chris On Thu, Sep 28, 2023 at 9:41 AM 'Rob Stradling' via CCADB Public < [email protected]> wrote: > Thanks Clint. > > Each line in AllCertificateRecordsCSVFormat (except for the header line) > now has a trailing comma. Is this deliberate? > > ------------------------------ > *From:* 'Clint Wilson' via CCADB Public > *Sent:* Wednesday, September 27, 2023 22:59 > *To:* public > *Subject:* CCADB Update: AllCerts Report Additions > > TL;DR: The CCADB Steering Committee has updated the “All Certificate > Information (root and intermediate) in CCADB” [1] (aka > AllCertificateRecordsCSVFormat) report to include two additional columns: > “Derived Trust Bits” and “Status of Root Cert” > > All, > > The CCADB Steering Committee has received two problem statements from CAs > regarding the value and reliability of the AllCertificateRecordsCSVFormat > report. After discussion and design within the CCADB Steering Committee, an > enhancement has been made to the report to address these problem statements. > > Status of Root Cert > > The first problem [2] identified an issue with accurately assessing the > inclusion status of a given Intermediate Certificate in a Root Store using > the details provided in the AllCertificateRecordsCSVFormat report. The > identified solution was to add a new column which matches the content of > the “Status of Root Cert” field in the CCADB. This field combines the > status values from the separate Mozilla, Microsoft, Google Chrome, and > Apple status fields, representing them as a single concatenated string, > e.g. “Apple: Included; Google Chrome: Included; Microsoft: Included; > Mozilla: Included”. This field pulls the individual status values from the > Root Certificate record, so is the same for all Intermediate Certificate > records subordinate to a given Root Certificate record. > > The AllCertificateRecordsCSVFormat report includes several separate > columns (e.g. ‘Mozilla Status’) that appear similar to the information > provided in this new column. These Store-specific columns are used on both > Root Certificate and Intermediate Certificate records. The new column pulls > from the same information as the Store-specific columns do on Root > Certificate records, so in this regard the new column is not net-new > information. However, on Intermediate Certificate records this same field > does not always match that of its parent Root Certificate record, creating > some doubt as to the correct status of Intermediate Certificate records. > > [Request] Related to this change, the CCADB Steering Committee would like > to understand if there is any extant reliance on the Store-specific > “Status” columns. We propose removing those in the future if they are not > currently being relied upon. > > Derived Trust Bits > > The second problem identified is a little more straightforward, in that > the current AllCertificateRecordsCSVFormat report does not include details > regarding the “trust bits” which the CCADB has determined apply to a given > Root or Intermediate Certificate record (represented within the CCADB in > the “Derived Trust Bits” field). This information is helpful in determining > a variety of expectations about the certificate, such as the applicable > audit criteria or information disclosure requirements. > > It may be important to note that the CCADB’s “Derived Trust Bits” do not, > in all cases, match other similar data sources [3] which leverage this > information. In some cases this is because the CCADB incorporates > additional context and in other cases because the CCADB lacks additional > context. We hope that this additional column will help us all to better > understand where and how future improvements to the CCADB should be made. > > This updated report has been deployed and is available for use now. If you > have any concerns with these updates or encounter any issues, please let us > know (preferentially here, but [email protected] works too). > > Thank you > > - Clint, on Behalf of the CCADB Steering Committee > > [1] https://www.ccadb.org/resources > > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1850031 > > [3] https://crt.sh/mozilla-disclosures > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/F57D6948-3F1A-46F4-9AD7-3763006BC3F8%40apple.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/F57D6948-3F1A-46F4-9AD7-3763006BC3F8%40apple.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/MW4PR17MB47298C505515F7DE6811C2B0AAC1A%40MW4PR17MB4729.namprd17.prod.outlook.com > <https://groups.google.com/a/ccadb.org/d/msgid/public/MW4PR17MB47298C505515F7DE6811C2B0AAC1A%40MW4PR17MB4729.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mBgHZUsiSO8zVxdDk_ryP1GjEPB1YkADK5iJEosjTse6w%40mail.gmail.com.
