April 2021 CA Communication and Survey


Ben Wilson

Apr 20, 2021, 2:25:38 PM
to dev-secur...@mozilla.org
All,
Today I sent out the following April 2021 CA Communication and Survey to all CAs in Mozilla's root program. If you are listed in the CCADB as a CA Point-of-Contact and believe you did not receive this email, please check your Spam folder. Contact me if you did not receive it.
Thanks,
Ben 

Dear Certification Authority,

Mozilla’s Root Store Policy was recently updated to version 2.7.1[1] with an effective date of 1 May 2021. This version contains several changes[2] that may affect your organization and the auditors who evaluate your PKI. These changes require you to take action to ensure your continued compliance.

Please review version 2.7.1 of Mozilla’s Root Store Policy internally, and with your auditors as well. After you and your auditors have reviewed these new requirements, complete the April 2021 survey via the Common CA Database (CCADB). This survey also contains information regarding other recent and upcoming changes that may affect your practices. Read all survey questions first before beginning to respond.

To respond to this survey, log in to the CCADB[3], click on the 'CA Communications' under the 'More' tab, and select the 'April 2021 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 30-April-2021.

A compiled list of CA responses to the survey will be automatically and immediately published[4] by the CCADB system.

Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit.

Regards,
Ben Wilson
Mozilla CA Program Manager

[1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy
[2] https://github.com/mozilla/pkipolicy/pull/223/files
[3] https://ccadb.org/cas
[4] https://wiki.mozilla.org/CA/Communications