Re: Changing Date Checks in Audit Reminder Emails
On 2/6/19 2:53 PM, Kathleen Wilson wrote: So here's the updated proposal: 1) If (1 year + 31 days) < (today - Audit Period End Date) <= (1 year + 93 days) Send Courtesy Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template 2) If (1 year + 93 days) < (today - Audit Period End Date) <= (1 year + 150 days) Send Overdue Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template 3) If (1 year + 150 days) < (today - Audit Period End Date) Send Danger of being Removed notice https://wiki.mozilla.org/CA/Email_templates#Failure_to_Provide_Audit_Statement_Email_Template These changes have been implemented, so the audit reminder emails that will be sent next Tuesday will reflect this new logic. I also added this information to the wiki page: https://wiki.mozilla.org/CA/Email_templates#Audit_Reminder_Email_Templates - Audit Reminder is sent when previous Audit Period End date is 1 year plus 31 days to 93 days old. - Overdue Notice is sent when previous Audit Period End date is 1 year plus 93 days to 150 days old. - Danger of being removed warning is sent when previous Audit Period End date is older than 1 year plus 150 days. Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Changing Date Checks in Audit Reminder Emails
Thanks Wayne and Kurt for your input. So here's the updated proposal: 1) If (1 year + 31 days) < (today - Audit Period End Date) <= (1 year + 93 days) Send Courtesy Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template 2) If (1 year + 93 days) < (today - Audit Period End Date) <= (1 year + 150 days) Send Overdue Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template 3) If (1 year + 150 days) < (today - Audit Period End Date) Send Danger of being Removed notice https://wiki.mozilla.org/CA/Email_templates#Failure_to_Provide_Audit_Statement_Email_Template Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Changing Date Checks in Audit Reminder Emails
On 2019-02-04 21:33, Kathleen Wilson wrote: All, As you know, CCADB sends audit reminder emails regarding root certs in Mozilla's program on the 3rd Tuesday of each month. We are going to update the date checks for determining when the email gets sent, so that rather than keying off of the Audit Statement Date, the check will key off of the Audit Period End date. I will appreciate input on what the date ranges should be. Here's the current logic with just the change to use Audit Period End Date. 1) If (1 year - 30 days) < Audit Period End Date <= (1 year + 120 days) Send Courtesy Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template So it would mail this every month, possible for 5 months. I think that's fine. I think it should stop at + 90 days, because it's the overdue. 2) If (1 year + 120 days) < Audit Period End Date <= (1 year + 240 days) Send Overdue Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template I think 240 days (8 months) is a rather long period to just say it's overdue. I suggest lowering that to 150 days or 180 days. Kurt ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Changing Date Checks in Audit Reminder Emails
On Mon, Feb 4, 2019 at 1:33 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > All, > > As you know, CCADB sends audit reminder emails regarding root certs in > Mozilla's program on the 3rd Tuesday of each month. > > We are going to update the date checks for determining when the email > gets sent, so that rather than keying off of the Audit Statement Date, > the check will key off of the Audit Period End date. > > Basing the reminders on the prior Audit Period End Date makes sense and is more in line with our policy which states that audit reports "...MUST be provided to Mozilla via the CCADB within three months of the point-in-time date or the end date of the period." > I will appreciate input on what the date ranges should be. > > Here's the current logic with just the change to use Audit Period End Date. > > 1) If > (1 year - 30 days) < Audit Period End Date <= (1 year + 120 days) > Send Courtesy Audit Reminder > > https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template > > The timing for this seems too late if the intent is to remind the CA to get their audit scheduled, and too soon if the intent is to remind the CA that their report is due to Mozilla soon, given that most reports aren't ready until just before the deadline. If the intent is the latter, I'd suggest that the right timing is 1 month before the report is due, i.e. 1 year + 2 months from the prior Audit Period End Date. 2) If > (1 year + 120 days) < Audit Period End Date <= (1 year + 240 days) > Send Overdue Audit Reminder > > https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template > > I think this email should go out when the report is first overdue, i.e. 1 year + 3 months from the prior Audit Period End Date. 3) If > (1 year + 240 days) < Audit Period End Date > Send Danger of being Removed notice > > https://wiki.mozilla.org/CA/Email_templates#Failure_to_Provide_Audit_Statement_Email_Template > > > For you reference, previous audit reminder email summaries are here: > > https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/8J8LZNlaDgAJ > > Thanks, > Kathleen > > ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Changing Date Checks in Audit Reminder Emails
All, As you know, CCADB sends audit reminder emails regarding root certs in Mozilla's program on the 3rd Tuesday of each month. We are going to update the date checks for determining when the email gets sent, so that rather than keying off of the Audit Statement Date, the check will key off of the Audit Period End date. I will appreciate input on what the date ranges should be. Here's the current logic with just the change to use Audit Period End Date. 1) If (1 year - 30 days) < Audit Period End Date <= (1 year + 120 days) Send Courtesy Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Courtesy_Audit_Reminder_Email_Template 2) If (1 year + 120 days) < Audit Period End Date <= (1 year + 240 days) Send Overdue Audit Reminder https://wiki.mozilla.org/CA/Email_templates#Overdue_Audit_Statement_Email_Template 3) If (1 year + 240 days) < Audit Period End Date Send Danger of being Removed notice https://wiki.mozilla.org/CA/Email_templates#Failure_to_Provide_Audit_Statement_Email_Template For you reference, previous audit reminder email summaries are here: https://groups.google.com/d/msg/mozilla.dev.security.policy/IjgFwzGI_H0/8J8LZNlaDgAJ Thanks, Kathleen ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy