Re: Audit Reminder Email Summary

2017-02-23 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of February 2017 Audit Reminder Emails Date: Tue, 21 Feb 2017 20:00:51 + (GMT) Mozilla: Audit Reminder Root Certificates: ISRG Root X1 Standard Audit: https://cert.webtrust.org/SealFile?seal=1987=pdf Audit Statement Date: 2015-12-15 BR

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 7:17:26 AM UTC-7, Gervase Markham wrote: > On 17/03/17 11:30, Gervase Markham wrote: > > The URL for the draft of the next CA Communication is here: > >

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 5:51:29 AM UTC-7, Kurt Roeckx wrote: > On 2017-03-21 12:51, Jakob Bohm wrote: > > On 21/03/2017 10:09, Kurt Roeckx wrote: > >> Action 6 says: I've updated action #6, but it still might not be clear. Here's the new draft: ACTION 6: QUALIFIED AUDIT STATEMENTS When

Re: Next CA Communication

2017-03-23 Thread Kathleen Wilson via dev-security-policy
On Tuesday, March 21, 2017 at 11:34:30 AM UTC-7, Gervase Markham wrote: > On 21/03/17 10:16, Gervase Markham wrote: > > On 17/03/17 11:30, Gervase Markham wrote: > >> The URL for the draft of the next CA Communication is here: > >>

Automated email reminders about intermediate certs missing audit or CP/CPS

2017-03-30 Thread Kathleen Wilson via dev-security-policy
All, Within the next few days, we plan to start sending automated email reminders to CAs about their intermediate cert records in the Common CA Database that are missing audit or CP/CPS information. The email template is here:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-03-29 Thread Kathleen Wilson via dev-security-policy
All, This request is to include the "GDCA TrustAUTH R5 ROOT" certificate, turn on the Websites trust bit, and enable EV treatment. In order to help get this discussion moving again, I asked GDCA to provide a side-by-side comparison of the latest version of the BRs with their CP/CPS

DRAFT - BR Self Assessments

2017-03-29 Thread Kathleen Wilson via dev-security-policy
All, As mentioned in the GDCA discussion[1], I would like to add a step to Mozilla's CA Inclusion/Update Request Process[2] in which the CA performs a self-assessment about their compliance with the CA/Browser Forum's Baseline Requirements. A draft of this new step is here:

Re: DRAFT - BR Self Assessments

2017-03-29 Thread Kathleen Wilson via dev-security-policy
On Wednesday, March 29, 2017 at 2:00:05 PM UTC-7, Jeremy Rowley wrote: > ... > An extension on this could be to have CAs annually file an updated mapping > with their WebTrust audit. That way it's a reminder that the CA needs to > notify Mozilla of changes in their process and keeps the CAs

Re: Automated email reminders about intermediate certs missing audit or CP/CPS

2017-03-30 Thread Kathleen Wilson via dev-security-policy
On Thursday, March 30, 2017 at 10:35:37 AM UTC-7, Kathleen Wilson wrote: > Within the next few days, we plan to start sending automated email reminders > to CAs about their intermediate cert records in the Common CA Database that > are missing audit or CP/CPS information. > > The email template

Re: Next CA Communication

2017-03-24 Thread Kathleen Wilson via dev-security-policy
On Friday, March 24, 2017 at 3:11:17 AM UTC-7, Gervase Markham wrote: > On 23/03/17 23:07, Kathleen Wilson wrote: > > Second paragraph of Action 1 now says: ~~ Note that version 1.4.2 of > > the BRs does not contain all 10 of these methods, but it does contain > > section 3.2.2.4.11, "Other

Re: Next CA Communication

2017-03-20 Thread Kathleen Wilson via dev-security-policy
On Monday, March 20, 2017 at 10:59:41 AM UTC-7, Peter Bowen wrote: > On Mon, Mar 20, 2017 at 10:43 AM, Jeremy Rowley via > > [JR] This should be limited to SSL certs IMO. With client certs, you're > > going > > to get a lot more RAs that likely function under the standard or legal > > framework

Re: Next CA Communication

2017-03-20 Thread Kathleen Wilson via dev-security-policy
On Monday, March 20, 2017 at 1:37:32 PM UTC-7, Jeremy Rowley wrote: > Something like: "Does your CA have any third-party Registration Authority > (RA)s program that the CA relies on to perform the domain validation > required under Section 3.2.2.4 of the Baseline Requirements." Updated

Re: Next CA Communication

2017-03-20 Thread Kathleen Wilson via dev-security-policy
On Monday, March 20, 2017 at 2:43:22 PM UTC-7, Gervase Markham wrote: > On 20/03/17 15:33, Kathleen Wilson wrote: > >> * Action 7: some of the BR Compliance bugs relate to CAs which are no > >> longer trusted, like StartCom. If StartCom does become a trusted CA > >> again, it will be with new

Re: Next CA Communication

2017-03-20 Thread Kathleen Wilson via dev-security-policy
On Friday, March 17, 2017 at 9:17:07 AM UTC-7, Peter Bowen wrote: > I would replace this with: > > + Distinguished name and SHA-256 hash of the SubjectPublicKeyInfo of > each certificate issuer covered by the audit scope > + Clear indication of which in-scope certificate issuers are Root CAs >

Re: Taiwan GRCA Root Renewal Request

2017-03-15 Thread Kathleen Wilson via dev-security-policy
All, My apologies for taking so long to get back to this discussion about the Government of Taiwan's (GRCA's) request to include their Government Root Certification Authority root certificate, and turn on the Websites and Email trust bits. Note that GRCA has suggested that this root be

Re: Include Renewed Kamu SM root certificate

2017-03-15 Thread Kathleen Wilson via dev-security-policy
Thanks to those of you who have reviewed and commented on this request from the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), to include the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root certificate, and enable the Websites trust bit. I believe that all of the questions

Re: Include Renewed Kamu SM root certificate

2017-03-16 Thread Kathleen Wilson via dev-security-policy
On Wednesday, March 15, 2017 at 9:56:25 AM UTC-7, Kathleen Wilson wrote: > Thanks to those of you who have reviewed and commented on this request from > the Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM), to include > the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root

Re: Audit Reminder Email Summary

2017-03-21 Thread Kathleen Wilson via dev-security-policy
Here's a summary of the audit reminder email that was sent today. Note that the email now tells CAs to provide their annual updates via the Common CA Database, as follows. "Please provide your annual updates via the Common CA Database (CCADB), as described here:

Re: Next CA Communication

2017-04-04 Thread Kathleen Wilson via dev-security-policy
On Tuesday, April 4, 2017 at 10:38:28 AM UTC-7, Kathleen Wilson wrote: > > The email has been sent, and the survey is open. > Published a security blog about it: https://blog.mozilla.org/security/2017/04/04/mozilla-releases-version-2-4-ca-certificate-policy/ Cheers, Kathleen

Re: DRAFT - BR Self Assessments

2017-04-03 Thread Kathleen Wilson via dev-security-policy
I updated https://wiki.mozilla.org/CA:BRs-Self-Assessment to add a section called 'Annual BR Self Assessment', which states: "CAs with included root certificates that have the Websites trust bit set must do an annual self-assessment of their compliance with the BRs, and must update their CP

Re: Next CA Communication

2017-04-03 Thread Kathleen Wilson via dev-security-policy
On Saturday, April 1, 2017 at 3:59:28 AM UTC-7, Gervase Markham wrote: > On 31/03/17 22:20, Kathleen Wilson wrote: > > Please let me know asap if you see any problems, typos, etc. in this > > version. > > Now that policy 2.4.1 has been published, we should update Action 3 to > say the following

Re: Next CA Communication

2017-04-04 Thread Kathleen Wilson via dev-security-policy
On Monday, April 3, 2017 at 2:21:14 PM UTC-7, Kathleen Wilson wrote: > All, > > I'm getting ready to send the April 2017 CA Communication email. > > I updated the wiki page to have the survey introduction text, and a > (read-only) link to the full survey: >

Re: Next CA Communication

2017-03-31 Thread Kathleen Wilson via dev-security-policy
I have moved the draft of the April 2017 CA Communication to production, so the link has changed to: https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o03WrzBC It is also available here:

Extend deadline for April 2017 CA Communication?

2017-04-21 Thread Kathleen Wilson via dev-security-policy
All, I've been receiving requests from CAs for an extension to when they need to respond to the April 2017 CA Communication. https://wiki.mozilla.org/CA:Communications#April_2017 "To respond to this survey, login to the Common CA Database (CCADB), click on the 'CA Communications (Page)' tab,

Re: Include Additional D-TRUST root certificate

2017-03-09 Thread Kathleen Wilson via dev-security-policy
Thank you to those of you who have reviewed this request, and to those of you who have participated in this discussion. I am now closing this discussion, and I will update the bug to recommend approval of this request from D-TRUST to include the D-TRUST Root CA 3 2013 root certificate and

Re: Include Additional D-TRUST root certificate

2017-03-03 Thread Kathleen Wilson via dev-security-policy
On Wednesday, December 21, 2016 at 11:03:18 AM UTC-8, Kathleen Wilson wrote: > This request from D-TRUST is to include the ‘D-TRUST Root CA 3 2013’ root > certificate and enable the Email trust bit. > > D-TRUST GmbH is a subsidiary of Bundesdruckerei GmbH and is fully owned by > the German

Re: Include Renewed Kamu SM root certificate

2017-03-07 Thread Kathleen Wilson via dev-security-policy
Thank you Andrew and Ryan for your feedback on this request to include the "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" root certificate, and enable the Websites trust bit. Note that the new SHA-256 root certificate will replace the SHA1 “TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı -

Re: Next CA Communication

2017-04-03 Thread Kathleen Wilson via dev-security-policy
On Monday, April 3, 2017 at 10:13:22 AM UTC-7, Kathleen Wilson wrote: > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ > still shows version 2.4. It's been updated to version 2.4.1. Thanks, Kathleen ___

Common CA Database updated with new logos

2017-04-18 Thread Kathleen Wilson via dev-security-policy
All, The Common CA Database has been updated with the new CCADB logos. This means that when you go to log in to the CA Community, at https://mozillacacommunity.force.com you will see the full "Common CA Database" logo. (before it just had the old "mozilla" logo). And when you are logged into

Re: DRAFT - BR Self Assessments

2017-04-24 Thread Kathleen Wilson via dev-security-policy
On Saturday, April 22, 2017 at 5:25:35 AM UTC-7, wangs...@gmail.com wrote: > We have a question about completing the BR self assessment, > is it necessary that all the BRs requirements appear in > relevant sections of the CP/CPS? It is OK if the information is in different sections in the

Updating Bugzilla Product/Component groups for CA Program Bugs

2017-04-24 Thread Kathleen Wilson via dev-security-policy
All, This is just for informational purposes... I have filed Bug #1359112 to update the Bugzilla Product/Components for the CA Program Bugs. The bug asks: ~~ Current Product: NSS Current Component Name: CA Certificates change to Product: NSS Component Name: CA Certificate Code Current

Re: DigiCert-Symantec Announcement

2017-08-02 Thread Kathleen Wilson via dev-security-policy
On Wednesday, August 2, 2017 at 2:13:40 PM UTC-7, Jeremy Rowley wrote: > Today, DigiCert and Symantec announced that DigiCert is acquiring the > Symantec CA assets, including the infrastructure, personnel, roots, and > platforms. At the same time, DigiCert signed a Sub CA agreement wherein we >

Re: StartCom cross-signs disclosed by Certinomis

2017-08-02 Thread Kathleen Wilson via dev-security-policy
Jonathan, Thank you for bringing this to our attention. I have filed two bugs... 1) https://bugzilla.mozilla.org/show_bug.cgi?id=1386891 Certinomis: Cross-signing of StartCom intermediate certs, and delay in reporting it in CCADB 2) https://bugzilla.mozilla.org/show_bug.cgi?id=1386894 Add

Re: StartCom cross-signs disclosed by Certinomis

2017-08-03 Thread Kathleen Wilson via dev-security-policy
All, I have conflicting opinions about this situation: On the one hand, I want to see better behavior, and am inclined to add these two intermediate certs to OneCRL, and tell StartCom and Certinomis to start over and do things right. On the other hand, I'm not convinced yet that the issued

Re: Remove old WoSign root certs from NSS

2017-08-03 Thread Kathleen Wilson via dev-security-policy
On Monday, July 10, 2017 at 12:47:31 PM UTC-7, Kathleen Wilson wrote: > I also think we should remove the old WoSign root certs from NSS. > > Reference: > https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign > ~~ > Mozilla currently recommends not trusting any certificates issued by this

Re: StartCom cross-signs disclosed by Certinomis

2017-08-03 Thread Kathleen Wilson via dev-security-policy
On Thursday, August 3, 2017 at 3:09:25 PM UTC-7, Kurt Roeckx wrote: > I would really like to see that they have at least opened a bug to > request the inclusion of that CA before it's cross-signed. Here's StartCom's current root inclusion request:

Re: StartCom cross-signs disclosed by Certinomis

2017-08-03 Thread Kathleen Wilson via dev-security-policy
On Thursday, August 3, 2017 at 4:34:27 PM UTC-7, Ryan Sleevi wrote: > I do hope you can clarify whether remediations apply to keys operated by > organizations, or whether they apply to the organization themselves. https://bugzilla.mozilla.org/show_bug.cgi?id=1311832 says: "StartCom may apply

Re: High traffic on this list, and Mozilla root program involvement

2017-08-15 Thread Kathleen Wilson via dev-security-policy
All, While I understand the desire to normally have one Bugzilla Bug per root cause per CA, I do not have the bandwidth to do this. So, I am going to create one bug per CA that I find in the recent m.d.s.policy posts, and list all of the problems pertaining to that CA in their bug. Thanks to

Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
All, I have gone through the July/August posts in m.d.s.policy in order to determine which Bugzilla Bugs I should file. There are two outliers: ~~ ** Undisclosed intermediates, or those missing audits I have been working diligently on intermediate cert disclosures in the CCADB for many months

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
Feedback will be appreciated on the following draft for the Bugzilla Bugs that I will be filing for the problems listed below. Product: NSS Component: CA Certificate Mis-Issuance Whiteboard: [ca-compliance] Blocks: 1029147 Summary: : Non-BR-Compliant Certificate Issuance Description: The

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
On Tuesday, August 15, 2017 at 12:46:36 PM UTC-7, Ryan Sleevi wrote: > > The requirement for revocation comes from the Baseline Requirements. > > Could you clarify your expectations regarding CAs' violation of the > Baseline Requirements with respect to these issues and Section 4.9.1.1. Are you

Re: Audit Reminder Email Summary

2017-08-15 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of August 2017 Audit Reminder Emails Date: Tue, 15 Aug 2017 19:00:07 + (GMT) Mozilla: Overdue Audit Statements Root Certificates: Autoridad de Certificacion Firmaprofesional CIF A62634068 Standard Audit:

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
On Tuesday, August 15, 2017 at 1:00:04 PM UTC-7, Jonathan Rudenberg wrote: > It’s worth noting that with the exception of the metadata-only > subject fields issue, Alex and I have attempted to contact every > CA listed directly via their public certificate problem reporting channels. Good

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
On Tuesday, August 15, 2017 at 3:53:06 PM UTC-7, Jonathan Rudenberg wrote: > It would be useful to know when and through what channel the CA learned about > each of the problems listed. (problem report via email at date/time; > known/unresolved issue since date; mailing list post at date/time;

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-15 Thread Kathleen Wilson via dev-security-policy
Updated draft for the Bugzilla Bugs that I will be filing for the problems listed below. Product: NSS Component: CA Certificate Mis-Issuance Whiteboard: [ca-compliance] Blocks: 1029147 Summary: : Non-BR-Compliant Certificate Issuance Description: The following problems have been found in

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-16 Thread Kathleen Wilson via dev-security-policy
Bugs filed... == Actalis == https://bugzilla.mozilla.org/show_bug.cgi?id=1390974 == Camerfirma == https://bugzilla.mozilla.org/show_bug.cgi?id=1390977 == Certinomis == https://bugzilla.mozilla.org/show_bug.cgi?id=1390978 == certSIGN == https://bugzilla.mozilla.org/show_bug.cgi?id=1390979 ==

Remove old WoSign root certs from NSS

2017-07-10 Thread Kathleen Wilson via dev-security-policy
I also think we should remove the old WoSign root certs from NSS. Reference: https://wiki.mozilla.org/CA/Additional_Trust_Changes#WoSign ~~ Mozilla currently recommends not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots:

Remove old StartCom root certs from NSS

2017-07-10 Thread Kathleen Wilson via dev-security-policy
And I think we should remove the old StartCom root certs from NSS. Reference: https://wiki.mozilla.org/CA/Additional_Trust_Changes#StartCom ~~ Mozilla currently recommends not trusting any certificates issued by this CA after October 21st, 2016. That recommendation covers the following roots:

Re: Audit Reminder Email Summary

2017-07-18 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of July 2017 Audit Reminder Emails Date: Tue, 18 Jul 2017 19:00:05 + (GMT) Mozilla: Audit Reminder Root Certificates: LuxTrust Global Root 2 Standard Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8777887 Audit Statement Date:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-07-18 Thread Kathleen Wilson via dev-security-policy
The updated documents are also posted on the CA's website: https://www.gdca.com.cn/customer_service/knowledge_universe/cp_cps/ Current audit statements are here: WebTrust CA: https://cert.webtrust.org/ViewSeal?id=2231 WebTrust BR: https://cert.webtrust.org/ViewSeal?id=2232 WebTrust EV SSL:

Re: Guang Dong Certificate Authority (GDCA) root inclusion request

2017-07-20 Thread Kathleen Wilson via dev-security-policy
Thanks to all of you who reviewed and commented on this request from Guangdong Certificate Authority (GDCA) to include the GDCA TrustAUTH R5 ROOT certificate, turn on the Websites trust bit, and enable EV treatment. I believe that all of the concerns that were raised in this discussion have

Responses to April 2017 CA Communication

2017-04-26 Thread Kathleen Wilson via dev-security-policy
All, The responses to Mozilla's April 2017 CA Communication are being published here: https://wiki.mozilla.org/CA:Communications#April_2017_Responses Reminder: I have postponed the response deadline to May 5, and I made a note of that here: https://wiki.mozilla.org/CA:Communications#April_2017

Re: Updating Bugzilla Product/Component groups for CA Program Bugs

2017-04-26 Thread Kathleen Wilson via dev-security-policy
The Bugzilla Product/Components for CA Program bugs have been changed. All of the CA Program bugs are now in the NSS Product group in Bugzilla. The NSS Product group in Bugzilla now has the following Components: Build CA Certificate Mis-Issuance CA Certificate Root Program CA Certificates Code

Expanding Aaron Wu's role in CA Program

2017-04-26 Thread Kathleen Wilson via dev-security-policy
All, As many of you know, Aaron Wu has been doing the Information Verification[1] for root inclusion/update requests, has helped me organize the CA Program Bugzilla Bugs[2], and continues to expand in his role in helping with Mozilla's CA Certificates Module[3]. I have asked Aaron to begin

Re: Extend deadline for April 2017 CA Communication?

2017-04-21 Thread Kathleen Wilson via dev-security-policy
> might be able to capture freeform text (perhaps unattributed) as to why Sure, below is a summary in my own words of why CAs are asking for an extension. Note that the April 2017 survey has many more action items than previous CA Communications, so I think it is reasonable that CAs might need

Re: Extend deadline for April 2017 CA Communication?

2017-04-24 Thread Kathleen Wilson via dev-security-policy
I added a note about the extension to May 5 to https://wiki.mozilla.org/CA:Communications#April_2017 Cheers, Kathleen

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-17 Thread Kathleen Wilson via dev-security-policy
Filed bug for GoDaddy: https://bugzilla.mozilla.org/show_bug.cgi?id=1391429 Thanks, Kathleen

Re: TrustCor root inclusion request

2017-08-17 Thread Kathleen Wilson via dev-security-policy
Thank you to everyone who has reviewed and commented on this request from TrustCor to include the “TrustCor RootCert CA-1”, “TrustCor RootCert CA-2”, and “TrustCor ECA-1” root certificates and enable the Websites and Email trust bits. I believe that all of the questions and concerns have been

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-16 Thread Kathleen Wilson via dev-security-policy
I will proceed with filing these bugs now. Kathleen

Re: Bugzilla Bugs re CA issuance of non-compliant certs

2017-08-18 Thread Kathleen Wilson via dev-security-policy
On Friday, August 18, 2017 at 6:35:23 AM UTC-7, Gervase Markham wrote: > On 17/08/17 00:18, Kathleen Wilson wrote: > > == Let’s Encrypt == > > RESOLVED (no bug needed) > > > == Staat der Nederlanden / PKIoverheid == > > RESOLVED (no bug needed) > > While the timely responses and performance of

Re: Remove old StartCom root certs from NSS

2017-08-22 Thread Kathleen Wilson via dev-security-policy
I have filed Bug #1392849 to remove the old StartCom root certificates. This will likely happen in the October batch of root changes. Kathleen

Changing CCADB domains

2017-05-03 Thread Kathleen Wilson via dev-security-policy
All, I think it is time for us to change the domains that we are using for the CCADB as follows. Change the links for... 1) CAs to log in to the CCADB from https://mozillacacommunity.force.com/ to https://ccadb.force.com/ 2) all published reports from

Re: Symantec: Update

2017-05-09 Thread Kathleen Wilson via dev-security-policy
On Tuesday, May 9, 2017 at 10:03:53 AM UTC-7, Kurt Roeckx wrote: > > Do we somewhere have the official templates being used to send > reminders of the audit requirements? Unofficial templates: https://wiki.mozilla.org/CA:Email_templates The official templates are in Salesforce, but currently

Re: Changing CCADB domains

2017-05-15 Thread Kathleen Wilson via dev-security-policy
Here are the changes we are requesting to be made on Friday, May 19, at 1pm PDT. 1) https://mozillacacommunity.force.com/ will be changed to https://ccadb.force.com/ (This is the CA login page, and the domain CAs see when they are logged into the CCADB) 2)

Re: Audit Reminder Email Summary

2017-06-20 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of June 2017 Audit Reminder Emails Date: Tue, 20 Jun 2017 19:00:06 + (GMT) Mozilla: Audit Reminder Root Certificates: Atos TrustedRoot 2011 Standard Audit:

Auditor Qualifications

2017-06-26 Thread Kathleen Wilson via dev-security-policy
All, We've added new Auditor objects to the Common CA Database. Previously auditor information was just in text fields, and the same auditor could be represented different ways. Now we will have a master list of auditors that CAs can select from when entering their Audit Cases to provide their

ETSI auditors still not performing full annual audits?

2017-06-19 Thread Kathleen Wilson via dev-security-policy
I just filed https://bugzilla.mozilla.org/show_bug.cgi?id=1374381 about an audit statement that I received for SwissSign. I have copied the bug description below, because I am concerned that there still may be ETSI auditors (and CAs?) who do not understand the audit requirements, see below.

Re: ETSI auditors still not performing full annual audits?

2017-06-19 Thread Kathleen Wilson via dev-security-policy
On Monday, June 19, 2017 at 12:21:46 PM UTC-7, Peter Bowen wrote: > It seems there is some confusion. The document presented would appear > to be a Verified Accountant Letter (as defined in the EV Guidelines) > and can used as part of the process to validate a request for an EV > certificate. It

DRAFT: Notice to CAs about CCADB changes May 19-21

2017-05-18 Thread Kathleen Wilson via dev-security-policy
All, Below is the draft email that I plan to send later today, after we have final confirmation from Salesforce regarding these proposed changes. I will appreciate your feedback on this. Thanks, Kathleen Subject: Common CA Database (CCADB) changes May 19-21, 2017 Dear Certification

Sandbox: Mozilla: Audit Reminder

2017-05-22 Thread Kathleen Wilson via dev-security-policy
CAs, I was testing some changes in my CCADB Sandbox, and accidentally sent out an audit reminder email from it. So, if you get an email with the subject "Sandbox: Mozilla: Audit Reminder" you can ignore it. It's likely a duplicate of the email you received last Tuesday. I apologize for the spam.

Re: DRAFT: Notice to CAs about CCADB changes May 19-21

2017-05-24 Thread Kathleen Wilson via dev-security-policy
I've been receiving questions about this update, so hopefully the following will clarify... CAs now log in to the CCADB at this URL: https://ccadb.force.com There is no login required to view the public-facing reports and the responses to the CA Communications. The links to those have been

Re: Taiwan GRCA Root Renewal Request

2017-05-26 Thread Kathleen Wilson via dev-security-policy
On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote: > > So, if there are no further questions or comments about this CA's request, > then I will close this discussion and recommend approval in the bug. > All, I requested that this CA perform a BR Self Assessment, and

Re: CA report with CAA and Problem Reporting info

2017-05-26 Thread Kathleen Wilson via dev-security-policy
On Friday, May 26, 2017 at 2:50:16 AM UTC-7, Gervase Markham wrote: > On 26/05/17 01:01, Kathleen Wilson wrote: > > Known problems: - Some CAs did not provide their CAA (Certification > > Authority Authorization) information correctly, so that column is > > empty for them. Note that some CAs do

CA report with CAA and Problem Reporting info

2017-05-25 Thread Kathleen Wilson via dev-security-policy
All, We have added the following two reports to https://wiki.mozilla.org/CA/Included_Certificates 1) CAs with Included Certificates https://ccadb-public.secure.force.com/mozilla/CAInformationReport 2) CAs with Included Certificates (CSV)

Re: DRAFT: Notice to CAs about CCADB changes May 19-21

2017-05-18 Thread Kathleen Wilson via dev-security-policy
On Thursday, May 18, 2017 at 10:08:32 AM UTC-7, Kathleen Wilson wrote: > All, > > Below is the draft email that I plan to send later today, after we have final > confirmation from Salesforce regarding these proposed changes. > We received confirmation from Salesforce that these changes to the

Re: DRAFT: Notice to CAs about CCADB changes May 19-21

2017-05-19 Thread Kathleen Wilson via dev-security-policy
On Thursday, May 18, 2017 at 10:08:32 AM UTC-7, Kathleen Wilson wrote: > > On May 19 the following three breaking changes are planned, meaning that the > old URLs will no longer work. Any links or bookmarks to these URLs will need > to be updated. ... > > 1) The CA login page and the domain

Re: Google Plan for Symantec posted

2017-05-19 Thread Kathleen Wilson via dev-security-policy
On Friday, May 19, 2017 at 8:42:40 AM UTC-7, Gervase Markham wrote: > > I have passed that document to Kathleen, and I hope she will be > endorsing this general direction soon, at which point it will no longer > be a draft. > > Assuming she does, this will effectively turn into a 3-way

Re: Audit Reminder Email Summary

2017-05-16 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of May 2017 Audit Reminder Emails Date: Tue, 16 May 2017 19:00:29 + (GMT) Mozilla: Audit Reminder Root Certificates: Autoridad de Certificacion Firmaprofesional CIF A62634068 Standard Audit:

Re: Taiwan GRCA Root Renewal Request

2017-06-01 Thread Kathleen Wilson via dev-security-policy
On Friday, May 26, 2017 at 9:32:57 AM UTC-7, Kathleen Wilson wrote: > On Wednesday, March 15, 2017 at 5:01:13 PM UTC-7, Kathleen Wilson wrote: > All, > > I requested that this CA perform a BR Self Assessment, and they have attached > their completed BR Self Assessment to the bug here: >

Updating Root Program wiki pages

2017-05-04 Thread Kathleen Wilson via dev-security-policy
All, Gerv is leading the effort to clean up Mozilla's Root Store related wiki pages. The contents of https://wiki.mozilla.org/CA:Overview have been moved to https://wiki.mozilla.org/CA and cleaned up. The previous contents of https://wiki.mozilla.org/CA have been moved to

Re: Changing CCADB domains

2017-05-04 Thread Kathleen Wilson via dev-security-policy
On Wednesday, May 3, 2017 at 1:21:29 PM UTC-7, Nick Lamb wrote: > If you believe there are, or are likely to be, CAs trying to fill out the > survey a bit late, it may make sense to wait for that before triggering this > change, so as to avoid the (it seems almost inevitable) response that they

Re: Audit Reminder Email Summary

2017-09-19 Thread Kathleen Wilson via dev-security-policy
Forwarded Message Subject: Summary of September 2017 Audit Reminder Emails Date: Tue, 19 Sep 2017 19:00:08 + (GMT) Mozilla: Overdue Audit Statements Root Certificates: Autoridad de Certificacion Firmaprofesional CIF A62634068 Standard Audit:

Re: Audit Reminder Email Summary

2017-09-20 Thread Kathleen Wilson via dev-security-policy
On Wednesday, September 20, 2017 at 6:34:04 AM UTC-7, Kurt Roeckx wrote: > On 2017-09-20 01:09, Kathleen Wilson wrote: > > Forwarded Message > > Subject: Summary of September 2017 Audit Reminder Emails > > Date: Tue, 19 Sep 2017 19:00:08 + (GMT) > > > > Mozilla: Overdue

Re: SSL.com root inclusion request

2017-10-16 Thread Kathleen Wilson via dev-security-policy
Thank you to those of you who reviewed and commented on this request from SSL.com to include the “SSL.com Root Certification Authority RSA”, “SSL.com Root Certification Authority ECC”, “SSL.com EV Root Certification Authority RSA R2”, and “SSL.com EV Root Certification Authority ECC” root

Re: Violations of Baseline Requirements 4.9.10

2017-09-08 Thread Kathleen Wilson via dev-security-policy
I'm going to file the Bugzilla Bugs for each of these CAs, as follows. == Bug Summary: : Non-BR-Compliant OCSP Responders Bug Description: Problems have been found with OCSP responders for this CA, and reported in the mozilla.dev.security.policy forum here:

Re: Certigna Root Renewal Request

2017-09-08 Thread Kathleen Wilson via dev-security-policy
> This request from the Dhimyotis/Certigna is to include the > SHA-256 ‘Certigna Root CA’ certificate and turn on the > Websites and Email trust bits. This root certificate will > eventually replace the SHA-1 ‘Certigna’ root certificate > that was included via Bugzilla #393166. > ... > The

Re: Violations of Baseline Requirements 4.9.10

2017-09-08 Thread Kathleen Wilson via dev-security-policy
Bugs filed… > > AS Sertifitseerimiskeskuse (SK) > Bug #1398233 > > Autoridad de Certificacion Firmaprofesional > Bug #1398240 > > CA Disig a.s. (Fixed as of 2017-08-31) > Bug #1398242 > > certSIGN (partially resolved) > Bug #1398243 > > Consorci Administració Oberta de Catalunya

Re: Remove old WoSign root certs from NSS

2017-08-30 Thread Kathleen Wilson via dev-security-policy
Posted: https://blog.mozilla.org/security/2017/08/30/removing-disabled-wosign-startcom-certificates-firefox-58/ I will look into getting this translated and published in China. Thanks, Kathleen ___ dev-security-policy mailing list

Re: Draft Security Blog about v2.5 of Root Store Policy

2017-09-07 Thread Kathleen Wilson via dev-security-policy
On Thursday, September 7, 2017 at 1:23:17 AM UTC-7, Buschart, Rufus wrote: > I have a question regarding the meaning of: > > > * The latest versions of the WebTrust and ETSI audit criteria are now > > required, and auditors are required to be appropriately qualified. I will delete that sentence

Draft Security Blog about v2.5 of Root Store Policy

2017-09-06 Thread Kathleen Wilson via dev-security-policy
All, Here is a draft of a security blog about version 2.5 of Mozilla's Root Store Policy. I will greatly appreciate constructive feedback about it. Thanks, Kathleen == Mozilla Releases Version 2.5 of Root Store Policy == Recently, Mozilla released version 2.5 of our Root Store Policy, which

Re: PROCERT issues

2017-09-27 Thread Kathleen Wilson via dev-security-policy
In past incidents, we have provided a list of action items that the CA must complete before they can be re-included in Mozilla's root store. What action items do you all think PROCERT should complete before they can be re-included in Mozilla's root store? What do you think should happen if

Re: PROCERT issues

2017-10-02 Thread Kathleen Wilson via dev-security-policy
On Friday, September 29, 2017 at 2:52:49 PM UTC-7, Eric Mill wrote: > That dynamic is natural, but accepting that this dynamic exists is > different than giving into it in some absolute way. When offering second > chances, requiring that the person/org fulfill certain conditions that > speak

Re: TrustCor root inclusion request

2017-08-24 Thread Kathleen Wilson via dev-security-policy
Thanks again to everyone who reviewed and commented on this request from TrustCor. I am now closing this discussion, and will recommend approval in the bug to include the “TrustCor RootCert CA-1”, “TrustCor RootCert CA-2”, and “TrustCor ECA-1” root certificates and enable the Websites and Email

Re: Remove old WoSign root certs from NSS

2017-08-25 Thread Kathleen Wilson via dev-security-policy
On Friday, August 4, 2017 at 12:01:15 AM UTC-7, Percy wrote: > I suggest that Mozilla can post an announcement now about the complete > removal of WoSign/StartCom to alert website developers. I suspect that a > moderate amount of Chinese websites are still using WoSign certs chained to > the

Re: PROCERT issues

2017-10-04 Thread Kathleen Wilson via dev-security-policy
Bug Filed regarding PROCERT Action Items: https://bugzilla.mozilla.org/show_bug.cgi?id=1405862 Thanks, Kathleen

Re: Doppelganger/tripleganger intermediate certificates

2017-10-04 Thread Kathleen Wilson via dev-security-policy
Bugs filed, or already existed… To the CAs who have already responded here in this discussion, please also copy-paste your incident report into the bug. > > > > Issuer: https://crt.sh/?caid=140 > >Issuer O: AC Camerfirma SA CIF A82743287 > > Issuer CN: Chambers of Commerce Root > >

Re: Audit Reminder Email Summary

2017-10-17 Thread Kathleen Wilson via dev-security-policy
A lot of the delay this time is in regards to our new Audit Case process. We'll work to get this cleared up this month. Forwarded Message Subject: Summary of October 2017 Audit Reminder Emails Date: Tue, 17 Oct 2017 19:00:06 + (GMT) Mozilla: Overdue Audit Statements Root

Re: Audit Reminder Email Summary

2017-10-17 Thread Kathleen Wilson via dev-security-policy
On Tuesday, October 17, 2017 at 2:44:11 PM UTC-7, Kathleen Wilson wrote: > A lot of the delay this time is in regards to our new > Audit Case process. > We'll work to get this cleared up this month. To those of you CAs who have correctly followed the instructions for providing your annual

CCADB Report: AllCertificateRecordsCSVFormat

2017-11-15 Thread Kathleen Wilson via dev-security-policy
All, The following report lists data for all root and intermediate cert records in the CCADB. https://ccadb-public.secure.force.com/mozilla/AllCertificateRecordsCSVFormat A link to this report is here: http://ccadb.org/resources Cheers, Kathleen

Re: Warning about posting via Google Groups

2017-11-29 Thread Kathleen Wilson via dev-security-policy
On Monday, November 20, 2017 at 7:51:59 AM UTC-8, Gervase Markham wrote: > Dear m.d.s.p., > > We appear to again have a problem with messages posted via the Google > Groups web UI making it to all subscribers on the list: > https://bugzilla.mozilla.org/show_bug.cgi?id=1412993 > > Until that
