Failure in adding a new intermediate certificate to CCADB

2018-10-09 Thread pekka.lahtiharju--- via dev-security-policy
Telia CA got information 10th Oct 2018 from Mozilla that one of its 25 intermediate certificates was missing from CCADB. Missing one was created 29th Aug 2018. We verified the issue and fixed it immediately. Incident report: Telia created two new intermediate certificates on 29th Aug 2018. We tr

CCADB System Upgrades October 15, 8am-6pm Pacific Time

2018-10-09 Thread Kathleen Wilson via dev-security-policy
All, We will be doing system upgrades to the CCADB on Monday, October 15, 8am-6pm Pacific Time. There will be limited functionality during that time. Kathleen

Re: Yet more undisclosed intermediates

2018-10-09 Thread Wayne Thayer via dev-security-policy
Thank you Rob. On Tue, Oct 9, 2018 at 3:43 AM Rob Stradling via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > "ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs > of the Mozilla Root Store Policy requirement [2] that > non-technically-constrained inte

Re: Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-09 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 9, 2018 at 5:30 AM Grabowski Piotr wrote: > Hello Wayne, > > Please find our comments below: > > > So far the process for modifying policy templates was controlled by only > one person at the moment. Although these persons > have an extensive experience in PKI and preparing certificat

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS

2018-10-09 Thread Wayne Thayer via dev-security-policy
On Tue, Oct 9, 2018 at 12:48 PM Kathleen Wilson via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > Oh, so rather than trying to define what "No Stipulation" means and when > it can be used, we could take a different approach -- list the sections > that cannot contain "No Sti

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS

2018-10-09 Thread Kathleen Wilson via dev-security-policy
Oh, so rather than trying to define what "No Stipulation" means and when it can be used, we could take a different approach -- list the sections that cannot contain "No Stipulation" in the CPS. On 10/9/18 12:31 PM, Brown, Wendy (10421) wrote: Tim - I think that statement leaves out the next

RE: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS

2018-10-09 Thread Brown, Wendy (10421) via dev-security-policy
Tim - I think that statement leaves out the next paragraph of RFC3647: In a CP, it is possible to leave certain components, subcomponents, and/or elements unspecified, and to stipulate that the required information will be indicated in a policy qualifier, or the document to which a policy quali

RE: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-09 Thread Tim Hollebeek via dev-security-policy
RFC 3647 disagrees: "Rather, a particular CP or CPS may state "no stipulation" for a component, subcomponent, or element on which the particular CP or CPS imposes no requirements or makes no disclosure." "It is recommended that each and every component and subcomponent be included in a CP o

RE: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-09 Thread Brown, Wendy (10421) via dev-security-policy
Kathleen - My interpretation of a "No Stipulation" in a CP is that the Policy has "No rules defined for this section" In these cases, I expect the CPS to state what is actually done in support of that section and therefore "No Stipulation" is not appropriate in a CPS. The CPS should instead sta

Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-09 Thread (RS) Tyler Schroder via dev-security-policy
The legal definition that I came across is "In United States law, a stipulation is a formal legal acknowledgment and agreement made between opposing parties before a pending hearing or trial

What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

2018-10-09 Thread Kathleen Wilson via dev-security-policy
All, I would like to create some written rules about using "No Stipulation" in CP and CPS documents; e.g. what it means, and when it is OK to be used. First, I will appreciate your thoughts about what the term "No Stipulation" means. e.g. does it mean one or all of the following? "No rules

Odp.: 46 Certificates issued with BR violations (KIR)

2018-10-09 Thread Grabowski Piotr via dev-security-policy
Hello Wayne, Please find our comments below: So far the process for modifying policy templates was controlled by only one person at the moment. Although these persons have an extensive experience in PKI and preparing certificate templates and in common daily duties they work with several CA's

Re: Yet more undisclosed intermediates [Telia]

2018-10-09 Thread Jakob Bohm via dev-security-policy
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert wrong Reply-To ] Telia is a notable case as this seems to be a brand new Intermediary created but not disclosed 1 month ago. On 09/10/2018 12:43, Rob Stradling wrote: "ACTION 6" of Mozilla's September 2018 CA Communication [1]

Re: Yet more undisclosed intermediates [SwissSign]

2018-10-09 Thread Jakob Bohm via dev-security-policy
[ Please reply to list, Mozilla NNTP<->mail gateway seems to insert wrong Reply-To ] It appears from the data that SwissSign has reacted to the requirement by starting to log some of their existing intermediaries in CT, instead of in CCADB. At least at a cursory glance. On 09/10/2018 12:43, Rob

Yet more undisclosed intermediates

2018-10-09 Thread Rob Stradling via dev-security-policy
"ACTION 6" of Mozilla's September 2018 CA Communication [1] reminded CAs of the Mozilla Root Store Policy requirement [2] that non-technically-constrained intermediate CA certificates... "MUST be publicly disclosed in the CCADB by the CA that has their certificate included in Mozilla's roo