Re: Changing CCADB domains

2017-05-15 Thread Kathleen Wilson via dev-security-policy
Here are the changes we are requesting to be made on Friday, May 19, at 1pm PDT.

1) https://mozillacacommunity.force.com/
will be changed to
https://ccadb.force.com/
(This is the CA login page, and the domain CAs see when they are logged into 
the CCADB)

2) https://mozillacaprogram.secure.force.com/
will be changed to
https://mozilla-ccadb.secure.force.com/
(This is the domain for the Mozilla reports that are published directly from 
the CCADB)

Kathleen
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy


Re: Changing CCADB domains

2017-05-08 Thread Rob Stradling via dev-security-policy

On 06/05/17 10:25, Jesper Kristensen via dev-security-policy wrote:
>> Mozilla could CNAME from ccadb.org to .force.com, and then
>> declare that the ccadb.org URLs are the official ones.
>>
>> Is that what you meant, Peter?
>
> You cannot set up a CNAME without configuring Salesforce, since they
> would not know your Host/SNI header, and they would not serve a cert
> that is valid for your domain.

Ah.

> You can set up a new domain in Salesforce while keeping the old
> mozillacacommunity.force.com without premium support, as long as the new
> domain is a custom domain and not a force.com domain.

Or Mozilla could setup https://login.ccadb.org to simply return an HTTP
temporary redirect to .force.com.


--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
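
The failure Jesper describes, worked through as an added example (not part of any message in this thread): a CNAME changes only where the client connects, while the SNI value and the certificate name check still use the hostname from the URL. The SAN lists and the platform's per-name configuration table are constructed assumptions, not observed Salesforce behaviour.

```python
# Added illustration; every hostname-to-certificate mapping here is constructed.

def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' is honoured only as the entire left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False              # a wildcard never spans more than one label
    if pat[0] == "*":
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def resolve(name, cnames):
    """Follow CNAME records to the name whose address is actually contacted."""
    seen = set()
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return name

def tls_connect(requested, cnames, vhosts, default_sans):
    """Simulate one HTTPS connection and the client's certificate name check.

    vhosts maps the SNI names the hosting platform has been configured for
    to the SAN list of the certificate it serves for that name.
    """
    endpoint = resolve(requested, cnames)      # DNS decides where the client connects
    sni = requested                            # the client still asks for the URL's name
    served = vhosts.get(sni, default_sans)     # unknown SNI gets the platform default
    return {
        "endpoint": endpoint,
        "sni_known": sni in vhosts,
        "cert_ok": any(san_matches(requested, s) for s in served),
    }

# Constructed sample data (assumed certificate contents, not observed values).
CNAMES = {"login.ccadb.org": "mozillacacommunity.force.com"}
DEFAULT_SANS = ["*.force.com"]
UNCONFIGURED = {"mozillacacommunity.force.com": ["*.force.com"]}
CONFIGURED = dict(UNCONFIGURED, **{"login.ccadb.org": ["login.ccadb.org"]})

if __name__ == "__main__":
    for label, vhosts in (("CNAME only", UNCONFIGURED),
                          ("custom domain configured", CONFIGURED)):
        print(label, tls_connect("login.ccadb.org", CNAMES, vhosts, DEFAULT_SANS))
```
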



Re: Changing CCADB domains

2017-05-05 Thread Rob Stradling via dev-security-policy

On 05/05/17 16:08, Gervase Markham via dev-security-policy wrote:
> On 05/05/17 10:22, Rob Stradling wrote:
>> Mozilla could CNAME from ccadb.org to .force.com, and then
>> declare that the ccadb.org URLs are the official ones.
>
> It would need to be .ccadb.org, as we plan to use
> www.ccadb.org as an introductory website for the CCADB, once Mozilla IT
> configures things correctly ;-)

How about...

login.ccadb.org => mozillacacommunity.force.com
(to be changed on May 19th to => ccadb.force.com)

reports.ccadb.org => mozillacaprogram.secure.force.com
(to be changed on May 19th to => ccadb.secure.force.com)

?

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



Re: Changing CCADB domains

2017-05-05 Thread Gervase Markham via dev-security-policy
On 05/05/17 10:22, Rob Stradling wrote:
> Mozilla could CNAME from ccadb.org to .force.com, and then
> declare that the ccadb.org URLs are the official ones.

It would need to be .ccadb.org, as we plan to use
www.ccadb.org as an introductory website for the CCADB, once Mozilla IT
configures things correctly ;-)

Gerv


Re: Changing CCADB domains

2017-05-05 Thread Rob Stradling via dev-security-policy

On 05/05/17 04:25, Peter Bowen via dev-security-policy wrote:
> On Wed, May 3, 2017 at 10:52 AM, Kathleen Wilson via
> dev-security-policy wrote:
>> All,
>>
>> I think it is time for us to change the domains that we are using for the
>> CCADB as follows.
>>
>> Change the links for...
>>
>> 1)  CAs to login to the CCADB
>> from
>> https://mozillacacommunity.force.com/
>> to
>> https://ccadb.force.com/
>>
>> 2) all published reports
>> from
>> https://mozillacaprogram.secure.force.com/
>> to
>> https://ccadb.secure.force.com/
>>
>>
>> We asked Salesforce for a temporary redirect from the old to the new URLs,
>> but that was declined because we're not paying for premium support for the
>> CCADB. (Other than this change, I do not currently see the need for us to pay
>> for premium support.)
>
> Is it also a "premium" feature to use custom domain names?  I think it
> would probably make sense to use ccadb.org (which seems to belong to
> Mozilla) rather than force.com.

Mozilla could CNAME from ccadb.org to .force.com, and then
declare that the ccadb.org URLs are the official ones.

Is that what you meant, Peter?

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



Re: Changing CCADB domains

2017-05-04 Thread Peter Bowen via dev-security-policy
On Wed, May 3, 2017 at 10:52 AM, Kathleen Wilson via
dev-security-policy wrote:
> All,
>
> I think it is time for us to change the domains that we are using for the 
> CCADB as follows.
>
> Change the links for...
>
> 1)  CAs to login to the CCADB
> from
> https://mozillacacommunity.force.com/
> to
> https://ccadb.force.com/
>
> 2) all published reports
> from
> https://mozillacaprogram.secure.force.com/
> to
> https://ccadb.secure.force.com/
>
>
> We asked Salesforce for a temporary redirect from the old to the new URLs, 
> but that was declined because we're not paying for premium support for the 
> CCADB. (Other than this change, I do not currently see the need for us to pay 
> for premium support.)

Is it also a "premium" feature to use custom domain names?  I think it
would probably make sense to use ccadb.org (which seems to belong to
Mozilla) rather than force.com.

Thanks,
Peter


Re: Changing CCADB domains

2017-05-04 Thread Kathleen Wilson via dev-security-policy
On Wednesday, May 3, 2017 at 1:21:29 PM UTC-7, Nick Lamb wrote:
> If you believe there are, or are likely to be, CAs trying to fill out the 
> survey a bit late, it may make sense to wait for that before triggering this 
> change, so as to avoid the (it seems almost inevitable) response that they 
> tried to do the survey but they were using the old link and it didn't work...


Good point. We will ask Salesforce to make this change on May 19.

Thanks,
Kathleen


Re: Changing CCADB domains

2017-05-03 Thread Nick Lamb via dev-security-policy
Thanks for your notice Kathleen.

One thought: Very often several CAs ask for more time to complete the Mozilla 
survey, either explicitly, or implicitly by just not filling it out in a timely 
fashion and saying they're very busy and will do it "soon" if they're asked.

If you believe there are, or are likely to be, CAs trying to fill out the 
survey a bit late, it may make sense to wait for that before triggering this 
change, so as to avoid the (it seems almost inevitable) response that they 
tried to do the survey but they were using the old link and it didn't work...