All,
The CCADB policy has been updated to Version 1.2 as originally planned and announced here.
Identified in the pre-release announcement, this update includes CCADB Incident Reports, mirroring Mozilla’s existing incident reporting format. This update offers a format for standardized reports, but it defers to individual Root Store policy on the enforcement of specific incident reporting requirements.
One additional update was included in this release after sharing the pre-release announcement, which aligns Section 5.1 (“Audit Statement Content”) of this policy with Section 8.6 (“Communication of results”) in Version 1.8.6 of the Baseline Requirements. This additional update does not intend to add any new requirements for the CA community, but was instead focused on improving consistency between the CCADB policy and the Baseline Requirements.
Thank you,
Chris, on behalf of the CCADB Steering Committee
Hi Antti,
Thank you for pointing this out. The intent of updating these sections was to align with the Baseline Requirements. While the BRs currently require an authoritative English version of the publicly available audit information, we understand the confusion it can cause with “audit information” included in the introduction to Section 5 of the CCADB policy.
We have clarified the introduction in a minor update to the CCADB policy.
Thank you again for drawing attention to this!
-Chris
--
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/7eabcdbe-abeb-4381-87fa-d36500c8a041n%40ccadb.org.