Confirmed users, Administrators
5,526
edits
CA/Communications: Difference between revisions
→May 12, 2014
m (→May 12, 2014) |
|||
| Line 49: | Line 49: | ||
* B) We have previously issued certificates with the following problems listed in the mozpkix-testing#Things_for_CAs_to_Fix wiki page: <list the problems that needed to be fixed>. The last of those certificates expire <insert dates here, one date per problem>. We will not issue new certificates with the problems listed in the mozpkix-testing#Things_for_CAs_to_Fix wiki page as of this date: <date when your operations will be updated, no later than June 30, 2014> | * B) We have previously issued certificates with the following problems listed in the mozpkix-testing#Things_for_CAs_to_Fix wiki page: <list the problems that needed to be fixed>. The last of those certificates expire <insert dates here, one date per problem>. We will not issue new certificates with the problems listed in the mozpkix-testing#Things_for_CAs_to_Fix wiki page as of this date: <date when your operations will be updated, no later than June 30, 2014> | ||
5) Send Mozilla information about your publicly disclosed | 5) Send Mozilla information about your publicly disclosed subordinate CA certificates that chain up to certificates in Mozilla's CA program, as per Items #8, 9, and 10 of Mozilla's CA Certificate Inclusion Policy. | ||
Please provide a URL to a web page or a Bugzilla Bug Number that lists all of your publicly disclosed | Please provide a URL to a web page or a Bugzilla Bug Number that lists all of your publicly disclosed subordinate CA certificates that chain up to certificates in Mozilla's CA program, and contains the required information according to section 10 of Mozilla's CA Certificate Inclusion Policy. If you decide to use the mozilla.org Bugzilla system to provide this information, then file the bug against the "CA Certificates" component of the "mozilla.org" product. (https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=CA%20Certificates) | ||
Additionally, please respond with one of the following: | Additionally, please respond with one of the following: | ||
* A) All | * A) All subordinate CA certificates chaining up to our certificates in Mozilla's CA program are either disclosed as requested above, or are technically constrained according to section 9 of Mozilla's CA Certificate Inclusion Policy. | ||
* B) We request an extension for the following specific subordinate CAs | * B) We request an extension for the following specific subordinate CA certificates, because these subordinate CAs need more time to transition from their legacy systems to their new CA hierarchy: <list of issuer hash, issuer public key hash, and certificate serial number>. For each subordinate CA who needs to operate in their legacy design a little longer, the attached document explains the reason that continued operation is needed and their target date for resolution. <attach document(s) to response> | ||
Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit. | Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit. | ||