Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-08-07 Thread Kathleen Wilson via dev-security-policy
It's currently only possible for CAs to update the CP/CPS URLs in their CCADB Root Certificate records by opening a "CA Audit Update Request" Case. (Each CCADB Root Certificate page says "CAs cannot modify data for the Root Certificate records. It is verified and maintained by root store

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-30 Thread Rob Stradling via dev-security-policy
On 29/07/2019 21:52, Andrew Ayer via dev-security-policy wrote: > On Wed, 24 Jul 2019 16:41:53 + > Rob Stradling via dev-security-policy > wrote: > >> [Wearing crt.sh hat] >> >> https://crt.sh/mozilla-disclosures now has two new buckets: >> - Disclosed, but with Inconsistent Audit details >>

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-30 Thread Rob Stradling via dev-security-policy
Hi Brenda. https://crt.sh/mozilla-disclosures now shows more information about why each intermediate certificate is being flagged as requiring further disclosure. I've also added a "Review this Subject CA's CCADB records" link for each entry in the two new buckets. This searches the CCADB

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-29 Thread Andrew Ayer via dev-security-policy
On Wed, 24 Jul 2019 16:41:53 + Rob Stradling via dev-security-policy wrote: > [Wearing crt.sh hat] > > https://crt.sh/mozilla-disclosures now has two new buckets: > - Disclosed, but with Inconsistent Audit details > - Disclosed, but with Inconsistent CP/CPS details > > (I started

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-26 Thread Brenda Bernal via dev-security-policy
We are curious why our cross-roots are showing up on the list? Can you share the logic on why these are appearing on the report? As far as our reviews are concerned, we see that all of these cross-roots are properly disclosed and have covering audits. We also see that you have listed CAs where

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-24 Thread Wayne Thayer via dev-security-policy
Thank you Rob! These are excellent additions to this report. I'd like to ask all the CA representatives on this list to take a look at the updated report (https://crt.sh/mozilla-disclosures) and correct any issues with your company's disclosures as soon as possible. Regarding Peter's earlier

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-24 Thread Rob Stradling via dev-security-policy
[Wearing Sectigo hat] Andrew, thanks for filing [1]. Sectigo will provide a full response on that bug, but I'll just note here that we have updated the CCADB records for the cross-certificates such that the Audit and CP/CPS details are now consistent with the Web.com roots. As it happens, I

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-18 Thread Peter Bowen via dev-security-policy
On Thu, Jul 18, 2019 at 11:40 AM Wayne Thayer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > Andrew Ayer filed two bugs yesterday that might be worthy of a bit > of discussion. They both appear to be in reference to root certificates > included in the Mozilla program

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-18 Thread Andrew Ayer via dev-security-policy
On Thu, 18 Jul 2019 11:40:31 -0700 Wayne Thayer via dev-security-policy wrote: > Andrew Ayer filed two bugs yesterday [1] [2] that might be worthy of > a bit of discussion. There's a third bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1567062 Like the GoDaddy case, the intermediate

Re: Disclosure and CP/CPS for Cross-Signed Roots

2019-07-18 Thread Ryan Sleevi via dev-security-policy
For the easiest one first: with respect to the GoDaddy disclosure [1 (your #2)], I can't see either certificate being disclosed in the audit report. That definitely sounds like a clear and obvious incorrect disclosure - but perhaps I'm missing something? With respect to the Sectigo disclosure [2