Changes

Jump to: navigation, search

CA/Communications

108 bytes added, 01:38, 27 January 2018
January 2018 CA Communication: Responded to feedback from Kathleen
Dear Certification Authority,
<br /><br />
Because 2018 has already generated some important news for Certification Authorities, and as a result we are sending this message to ensure that every CA in the Mozilla program is aware of current events and impending deadlines.
<br /><br />
This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program.
<br /><br />
Responses:<br />
* We have never used these methods and our CP/CPS states that we do not use these methods of domain validation.
* We have disclosed our use of these methods of domain validation on the mozilla.dev.security.policy forum and have either stopped using them or implemented and disclosed a mitigation for the vulnerabilities that have been discovered.
* Other (please describe below)
ACTION 2 COMMENTS (please include any exceptions to the option you selected above)
<br /><br />
ACTION 3: Disclose All Non-Technically-Constrained Subordinate CA Certificates
<br /><br />
Sections 5.3.1 and 5.3.2 of Mozilla Root Store Policy version 2.5 [5] require CAs to publicly disclose (via CCADB [6]) all subordinate CA certificates including those used to issue email S/MIME certificates by 15-January unless they are technically constrained to a whitelist of domains. We have since changed the compliance deadline to 15-April 2018. Certificate monitors have detected over 200 certificates that currently do not comply with this new policy. [7] Please ensure that your CA is in compliance before 15-April 2018.
ACTION 4 COMMENTS
<br /><br />
ACTION 5: Update CP/CPS to Comply with version 2.5 of Mozilla Root Store Policy
<br /><br />
If you are one of the CAs that indicated in your response to the November 2017 CA Communication that you need more time to update your CP/CPS to comply with version 2.5 of the Mozilla Root Store Policy, please complete the updates no later than 15-April 2018. Mozilla feels that four months is more than long enough to make a CP/CPS change.
<br /><br />
* Our CP/CPS already complies with Mozilla’s root store policy* Our CP/CPS will comply with Mozilla’s root store policy by 15-April 2018
<br /><br />
ACTION 5 COMMENTS
<br /><br />
ACTION 6: 825 Day Maximum Validity Periodin SSL Certificates
<br /><br />
On 17-March 2017, in ballot 193, the CA/Browser Forum set a deadline of 1-March 2018 after which newly-issued SSL certificates must not have a validity period greater than 825 days, and the re-use of validation information must be limited to 825 days. As with all other baseline requirements, Mozilla expects all CAs in the program to comply.
Wthayer
136
edits
Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1187674"

Navigation menu