CCADB Policy Version 1.2 Release Notification


Chris Clements

Feb 15, 2023, 11:52:48 AM
to public

All,


The CCADB policy has been updated to Version 1.2 as originally planned and announced here


Identified in the pre-release announcement, this update includes CCADB Incident Reports, mirroring Mozilla’s existing incident reporting format. This update offers a format for standardized reports, but it defers to individual Root Store policy on the enforcement of specific incident reporting requirements.


One additional update was included in this release after sharing the pre-release announcement, which aligns Section 5.1 (“Audit Statement Content”) of this policy with Section 8.6 (“Communication of results”) in Version 1.8.6 of the Baseline Requirements. This additional update does not intend to add any new requirements for the CA community, but was instead focused on improving consistency between the CCADB policy and the Baseline Requirements.


Thank you,

Chris, on behalf of the CCADB Steering Committee


Antti Backman

Feb 16, 2023, 5:58:56 AM
to CCADB Public, Chris Clements
Hi Chris

Not directly related to the changes and update in the new Policy version, but when re-iterating through the final version I encountered this in Sections 5 and 5.1 respectively.

Policy states in main body of section 5:
"CA Owners must provide English versions of any CP, CPS, and Audit documents which are not originally in English, with version numbers matching the document they are a translation of. The English version is not required to be authoritative in all cases of dispute, but the CA Owner must attest that the translation is not materially different to the original."

Subsequently the same is addressed in subsection 5.1:
"An authoritative English language version of publicly available audit information must be uploaded to the CCADB no later than three months after the end of the audit period. In the event of a delay greater than three months, the CA Owner must provide an explanatory letter signed by the Qualified Auditor"

As I am not a native English speaker, I got to wonder if there's a contradiction in the "authoritative version" of the Audit documents between the two paragraphs presented above?

BR, Antti / Telia Company

Chris Clements

Feb 17, 2023, 1:49:28 PM
to Antti Backman, CCADB Public

Hi Antti,


Thank you for pointing this out. The intent of updating these sections was to align with the Baseline Requirements. While the BRs currently require an authoritative English version of the publicly available audit information, we understand the confusion it can cause with “audit information” included in the introduction to Section 5 of the CCADB policy.


We have clarified the introduction in a minor update to the CCADB policy. 


Thank you again for drawing attention to this!

-Chris


