info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
November 2017 CA Communication ACTION 1 April 15 2018 date question
223 views
Skip to first unread message
Arkadiusz Ławniczak
Nov 17, 2017, 3:26:53 AM11/17/17
to mozilla-dev-s...@lists.mozilla.org
Hi All
When reading a list of the main changes incorporated in the Mozilla Root Store Policy 2.5 I found that:
[...] By April 15, 2018, all intermediate certificates (that chain up to root certificates included in Mozilla's program) that are capable of issuing S/MIME certificates
but are not name constrained must be either audited and disclosed in the Common CA Database<http://ccadb.org/>, or be revoked [...]
I do not see such requirement in the Policy or even by searching m.d.s list. Maybe I missed something. Does anybody know where did it come from?
alaw
When reading a list of the main changes incorporated in the Mozilla Root Store Policy 2.5 I found that:
[...] By April 15, 2018, all intermediate certificates (that chain up to root certificates included in Mozilla's program) that are capable of issuing S/MIME certificates
but are not name constrained must be either audited and disclosed in the Common CA Database<http://ccadb.org/>, or be revoked [...]
I do not see such requirement in the Policy or even by searching m.d.s list. Maybe I missed something. Does anybody know where did it come from?
alaw
Gervase Markham
Nov 17, 2017, 1:05:27 PM11/17/17
to Arkadiusz Ławniczak
On 17/11/17 00:26, Arkadiusz Ławniczak wrote:
> [...] I do not see such requirement in the Policy or even by
> searching m.d.s list.. Maybe I missed something. Does anybody know
> [...] I do not see such requirement in the Policy or even by
> where did it come from?
https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
section 5.3.1.
However, the dates in version 2.5 of the policy have been superceded;
see erratum note on https://wiki.mozilla.org/CA/Root_Store_Policy_Archive .
Gerv
Arkadiusz Ławniczak
Nov 17, 2017, 2:29:37 PM11/17/17
to Gervase Markham, mozilla-dev-s...@lists.mozilla.org
Thanks Gerv
We have a situation in which our last WT audit is for the period ending on April 14,2017. As we know the audit is valid until the next audit is started. That is, that the next WT audit must be for period starting on April 15,2017 and ending not later than April 14,2018.
The question is, if we have valid audit report till 14 April,2018, shall we have been audited before that date or Mozilla will accept the validity this year audit report?
alaw
-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+arkadiusz.lawniczak=assec...@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy
Sent: Friday, November 17, 2017 7:05 PM
To: Arkadiusz Ławniczak <arkadiusz...@assecods.pl>; mozilla-dev-s...@lists.mozilla.org
Subject: Re: November 2017 CA Communication ACTION 1 April 15 2018 date question
On 17/11/17 00:26, Arkadiusz Ławniczak wrote:
> come from?
https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
section 5.3.1.
However, the dates in version 2.5 of the policy have been superceded; see erratum note on https://wiki.mozilla.org/CA/Root_Store_Policy_Archive .
Gerv
_______________________________________________
dev-security-policy mailing list
dev-secur...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
We have a situation in which our last WT audit is for the period ending on April 14,2017. As we know the audit is valid until the next audit is started. That is, that the next WT audit must be for period starting on April 15,2017 and ending not later than April 14,2018.
The question is, if we have valid audit report till 14 April,2018, shall we have been audited before that date or Mozilla will accept the validity this year audit report?
alaw
-----Original Message-----
From: dev-security-policy [mailto:dev-security-policy-bounces+arkadiusz.lawniczak=assec...@lists.mozilla.org] On Behalf Of Gervase Markham via dev-security-policy
Sent: Friday, November 17, 2017 7:05 PM
To: Arkadiusz Ławniczak <arkadiusz...@assecods.pl>; mozilla-dev-s...@lists.mozilla.org
Subject: Re: November 2017 CA Communication ACTION 1 April 15 2018 date question
On 17/11/17 00:26, Arkadiusz Ławniczak wrote:
> [...] I do not see such requirement in the Policy or even by searching
> m.d.s list.. Maybe I missed something. Does anybody know where did it
> come from?
https://github.com/mozilla/pkipolicy/blob/2.5/rootstore/policy.md
section 5.3.1.
However, the dates in version 2.5 of the policy have been superceded; see erratum note on https://wiki.mozilla.org/CA/Root_Store_Policy_Archive .
Gerv
dev-security-policy mailing list
dev-secur...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
Gervase Markham
Nov 22, 2017, 10:31:42 AM11/22/17
to Arkadiusz Ławniczak
Hi Arkadiusz,
On 17/11/17 19:28, Arkadiusz Ławniczak wrote:
> Thanks Gerv
>
> We have a situation in which our last WT audit is for the period
> ending on April 14,2017. As we know the audit is valid until the next
> audit is started. That is, that the next WT audit must be for period
> starting on April 15,2017 and ending not later than April 14,2018.
> The question is, if we have valid audit report till 14 April,2018,
> shall we have been audited before that date or Mozilla will accept
> the validity this year audit report?
I'm afraid I don't really understand your question :-( Perhaps a diagram
would help? The rules around audit dates and timings are all in our policy.
Gerv
On 17/11/17 19:28, Arkadiusz Ławniczak wrote:
> Thanks Gerv
>
> We have a situation in which our last WT audit is for the period
> ending on April 14,2017. As we know the audit is valid until the next
> audit is started. That is, that the next WT audit must be for period
> starting on April 15,2017 and ending not later than April 14,2018.
> The question is, if we have valid audit report till 14 April,2018,
> shall we have been audited before that date or Mozilla will accept
> the validity this year audit report?
would help? The rules around audit dates and timings are all in our policy.
Gerv
0 new messages