A question about the following statement:

If an annual CCADB self-assessment is required by the individual Store
policy, a single self-assessment may cover multiple CAs operating under
both the same CP and CPS(s), or combined CP/CPS. CAs not operated under the
same CP and CPS(s) or combined CP/CPS must be covered in a separate
self-assessment.

Can a single self-assessment be used if all CAs operate under the same CP,
but there are different CPS documents for the Root CA vs the Subordinate
CAs since they issue different types of certificates (i.e., the Root only
issues CA certs and required infrastructure certificates, while the
Subordinate CAs issue TLS subscriber certificates and any required
infrastructure certificates, so the practices might be different from the
Root)?

I can't quite tell if that is what is meant by including the (s) after CPS.

thanks,

Wendy


Wendy Brown

Supporting GSA

FPKIMA Technical Liaison

Protiviti Government Services
703-965-2990 (cell)


On Wed, Oct 11, 2023 at 9:49 AM 'Chris Clements' via CCADB Public <
[email protected]> wrote:

> TL;DR: The CCADB Steering Committee will soon update the CCADB policy to
> Version 1.3.0 <https://github.com/mozilla/www.ccadb.org/pull/138/files> [1],
> which consolidates several requirements that currently exist in separate
> Root Store policies. The CCADB Steering Committee provides this pre-release
> draft and requests that any concerns be expressed by the CA community before
> October 25, 2023.
>
> All,
>
> The CCADB policy <https://www.ccadb.org/policy> [2] will soon be updated
> to Version 1.3.0 [1]. This update collects some currently disparate
> requirements from Root Store policies and adds them to the CCADB policy.
> Some Root Stores may update their individual policies in the future to
> remove duplicative requirements.
>
> In general, this update:
>
>    1. adds clarifying language to “Section 5. Policies, Audits, and
>       Practices”;
>    2. states CA Owners must disclose at least an authoritative English
>       version of policy documents to the CCADB;
>    3. adds Audit Team Qualifications that are provided to the CCADB; and
>    4. (if required by a Root Store policy) defines the submission
>       requirements for the CCADB Self-Assessment.
>
> The specific changes can be viewed in this PR [1]. This update does not
> intend to create any new requirements for CA Owners included in the CCADB,
> rather it intends to combine some existing requirements into a single
> source to simplify compliance activities.
>
> The Steering Committee intends for this version of the policy to become
> effective on October 25, 2023, and we plan to announce the release with a
> separate communication. We appreciate considerations from the CA community,
> either in the PR or directly in this thread before October 25, 2023.
>
> Thank you,
>
> -Chris, on behalf of the CCADB Steering Committee
>
> [1] https://github.com/mozilla/www.ccadb.org/pull/138/files
>
> [2] https://www.ccadb.org/policy
>
> --
> You received this message because you are subscribed to the Google Groups
> "CCADB Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mCpXwWVG-fJ5xd%3D_Qn5RCTibgy63PBfGs9VVYpATf6t6A%40mail.gmail.com
> <https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mCpXwWVG-fJ5xd%3D_Qn5RCTibgy63PBfGs9VVYpATf6t6A%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
