Changes

CA/Communications

4,523 bytes added, 18:15, 13 April 2021
Added April 2021 CA Communication
The following are communications that have been sent to Certification Authorities participating in [[CA | Mozilla's root program.]] If you have questions regarding these communications, please first review related discussions in the mozilla.dev.security.policy forum. If your questions cannot be answered in that forum, then please send email to certificates@mozilla.org.
 
== April 2021 CA Communication ==
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a054o00000EL1Fo Read-only copy of April 2021 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'April 2021 CA Communication' survey.
** Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
<br />
Dear Certification Authority,
<br>
<br>
Mozilla’s Root Store Policy was recently updated to [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ version 2.7.1] with an effective date of 1 May 2021. This version contains [https://github.com/mozilla/pkipolicy/pull/223 several changes] that may affect your organization and the audits you receive from your auditors. These changes require you to take action to ensure your continued compliance.
<br>
Please review version 2.7.1 of [https://www.mozilla.org/projects/security/certs/policy/ Mozilla’s Root Store Policy] internally, and with your auditors as well. After you and your auditors have reviewed these new requirements, complete the April 2021 survey via the Common CA Database (CCADB). This survey also contains information regarding other recent and upcoming changes that may affect your Certification Authority (CA).
<br>
To respond to this survey, [https://ccadb.org/cas/ log in to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'April 2021 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 30-April-2021.
<br>
<br>A compiled list of CA responses to the survey will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
<br>
<br>
Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit.
<br>
<br>Regards,
<br>Ben Wilson
<br>Mozilla CA Program Manager
 
=== April 2021 Responses ===
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
 
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00129 Responses to Item 1] -- Review Version 2.7.1 of Mozilla's Root Store Policy
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00131 Responses to Item 2] -- 398-day reuse period on domain/IP address validation
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00132,Q00144 Responses to Item 3] -- Clarification about EV Audit Requirements
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00133,Q00145 Responses to Item 4] -- Annual Audit Covering the CA Key Pair Lifecycle
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00136,Q00146 Responses to Item 5] -- Audit Team Qualifications
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00137 Responses to Item 6] -- List of Incidents in Audit Reports
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00140,Q00148 Responses to Item 7] -- Methods to Demonstrate Key Compromise
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00141,Q00158,Q00157,Q00156,Q00151 Responses to Item 8] -- Removal of Old Root CA Certificates
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00152,Q00153 Responses to Item 9] -- Audit Letter Validation on Intermediate Certificates
== May 2020 CA Communication ==