136
edits
Changes
→January 2018 CA Communication: Suggested updates & fixes
* We have never used these methods and our CPS states that we do not use these methods of domain validation.
* We have disclosed our use of these methods of domain validation on the mozilla.dev.security.policy forum and have either stopped using them or implemented and disclosed a mitigation for the vulnerabilities that have been discovered.
* We have not yet disclosed our use of either of these methods, but will do so immediately.Other (please describe below)
<br />
ACTION 1 COMMENTS
<br /><br />
Responses:<br />
* We have never used no valid certificates that were issued using these methods and our CPS states that * We have active (not expired or revoked) certificates issued using BR 3.2.2.4.1, but we do not only use these methodsthis method in a way that already complies with the proposed method 12 in CA/Browser Forum ballot 218. * We use these methods have active (not expired or are permitted by our CPS to use revoked) certificates issued using these methods. We have reviewed our implementation for vulnerabilities and have reported our findings below. * We use these methods have active (not expired or are permitted by our CPS to use revoked) certificates issued using these methods. We will review our implementation for vulnerabilities and report our findings on the mozilla.dev.security.policy list by the date specified in the comments section below.
<br />
ACTION 2 COMMENTS(please include any exceptions to the option you selected above)
<br /><br />
ACTION 3: Disclose All Subordinate CA Certificates
Responses:
* We have already delivered our BR Self Assessment to Kathleen
* We intend to deliver our BR Self Assessment prior to the deadline31-January 2018* We previously requested an extension and intend to deliver our BR Self Assessment prior to 15-April 2018
* We are exempt from completing a BR Self Assessment because our root(s) are not enabled for websites (SSL)
<br />
If you are one of the CAs that indicated in your response to the November 2017 CA Communication that you need more time to update your CPS to comply with version 2.5 of the Mozilla Root Store Policy, please complete the updates no later than 15-April 2018. Mozilla feels that four months is more than long enough to make a CPS change.
<br /><br />
* Our CPS already complies with Mozilla’s root store policy* Our CPS will comply with Mozilla’s root store policy by 15-April 2018
<br /><br />
ACTION 5 COMMENTS
