MozillaWiki

CA/Communications: Difference between revisions

Page Discussion

CA/Communications (view source)

Revision as of 20:14, 8 September 2023

20,249 bytes added ,  8 September 2023
m
→‎August 2023 CA Communication and Survey: Added survey results page
m (formatting update)
m (→‎August 2023 CA Communication and Survey: Added survey results page)
 
(42 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The following are communications that have been sent to Certification Authorities participating in [[CA | Mozilla's root program.]] If you have questions regarding these communications, please first review related discussions in the mozilla.dev.security.policy forum. If your questions cannot be answered in that forum, then please send email to certificates@mozilla.org.
The following are communications that have been sent to Certification Authorities participating in [[CA | Mozilla's root program.]] If you have questions regarding these communications, please first review related discussions in the Mozilla dev-security-policy forum. If your questions cannot be answered in that forum, then please send email to certificates@mozilla.org.


== August 2023 CA Communication and Survey ==
Communication and Survey:
https://docs.google.com/document/d/1ieXSt3rJyOSopJnDp4wFGSugpk6pt5pJFJ55rkpb6Ks/edit?usp=sharing
The purpose of this communication and survey is to ensure that CA operators are aware of and prepared to comply with changes to the Mozilla Root Store Policy (MRSP), which we plan to publish soon as version 2.9 with an effective date of September 1, 2023.
The most significant changes to v2.9 of MRSP are:
# Retirement of Older Root CA Certificates
#* https://wiki.mozilla.org/CA/Root_CA_Lifecycles
# Compliance with the CABF’s S/MIME BRs
#* https://wiki.mozilla.org/CA/Transition_SMIME_BRs
# Security Vulnerability Reporting
#* https://wiki.mozilla.org/CA/Vulnerability_Disclosure
# Removed duplication with CCADB Policy regarding Audit Requirements
#* https://www.ccadb.org/policy
# Annual Submission of CCADB Compliance Self-Assessment
#* https://www.ccadb.org/cas/self-assessment
# Elimination of SHA-1
Survey Responses:
https://docs.google.com/spreadsheets/d/1xJ6VRs2R0tw3-QHoIRzIIO8MWWoqNs576KOxPKYsp3w/edit?usp=sharing
== February 2023 CA Communication ==
Dear Certification Authority,
Mozilla’s Root Store Policy (MRSP) was recently updated to version 2.8.1 with an effective date of February 15, 2023, https://github.com/mozilla/pkipolicy/pull/265/files. Version 2.8.1 contains several clarifications and minor changes that may affect your organization. You need to be aware of these clarifications and changes to ensure your continued compliance with the MRSP. The following are summaries only of the actual language in the MRSP, and in the event of any conflicting interpretation, the MRSP takes precedence over these summaries:
* You are required to follow and be aware of discussions in both the Mozilla dev-security-policy forum, https://groups.google.com/a/mozilla.org/g/dev-security-policy, and the CCADB Public List, https://groups.google.com/a/ccadb.org/g/public;
* Your CP, CPS, or combined CP/CPS MUST clearly explain your CA’s domain validation procedures and indicate which subsection of section 3.2.2.4 of the CA/Browser Forum’s Baseline Requirements you are complying with;
* Your CP, CPS, or combined CP/CPS MUST be updated at least every 365 days (more often is expected), and it must be reported in the CCADB in a “timely manner”, and failure to do either of these things will require that you file an incident report in Bugzilla;
* You MUST maintain links to all historic versions of each CP, CPS, or combined CP/CPS from the creation of included CA certificates until such certificate hierarchies are no longer trusted by the Mozilla root store, and if your CA certificate was included by Mozilla before December 31, 2022, then you still must maintain links for “reasonably available historic versions” of your CPs, CPSes, or combined CP/CPSes; and
* In the CCADB, if you elect to publish a JSON array of partial CRLs (rather than the full CRL), then the JSON Array of Partitioned CRLs must contain a critical Issuing Distribution Point extension, which shall include a URI whose value is derived from either the URI as encoded in the distributionPoint field of an issued certificate's CRL Distribution Points extension (see RFC 5280 section 5.2.5) or the URL included in the "JSON Array of Partitioned CRLs" field in the CCADB entry corresponding to the certificate for the issuing CA.
Finally, participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard user security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you very much for your continued cooperation in this pursuit.
Regards,
Ben Wilson
Mozilla CA Program Manager
== May 2022 CA Communication and Survey ==
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a058Z000013UmsDQAS Read-only copy of May 2022 CA Communication and Survey]
** This link is '''Read Only'''. To submit your responses, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2022 CA Communication and Survey' survey.
** Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a 'survey submitted' response''' -- there are required fields.
=== May 2022 Responses ===
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00160,Q00161 Responses to Item 1] -- Compliance with MRSP v. 2.8
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00162,Q00163 Responses to Item 2] -- "Incidents" include audit findings
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00164,Q00165 Responses to Item 3] -- Auditor membership in ACAB'c and WebTrust
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00166,Q00167,Q00168 Responses to Item 4] -- Online Archival of CPs and CPSes
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00169,Q00170 Responses to Item 5] -- Full CRLs for Intermediate TLS CAs in CCADB
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00171,Q00172 Responses to Item 6.1] -- Sunsetting of SHA1 for S/MIME Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00173,Q00174 Responses to Item 6.2] -- Sunsetting of SHA1 for Other Types of Signing
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00175,Q00176 Responses to Item 7] --  Publicly Disclose Intermediate CA Certificates capable of Issuing TLS or S/MIME
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00177,Q00178 Responses to Item 8] -- Misissuance of Certificate Transparency Precertificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00179,Q00180,Q00181 Responses to Item 9] -- CRL Revocation Reasons for TLS Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00182,Q00183 Responses to Item 10] -- Public Review of Unconstrained Externally-Operated Subordinate CAs
== February 2022 CA Communication ==
Dear Certification Authority,
Mozilla is engaged in policy review discussions to sunset the use of SHA1 for signing by CAs of CRLs, OCSP responses, and SMIME certificates.
See https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/CnVjV-bFcyI/m/TFuWOy2BAwAJ
(Server certificate signing is governed by the Baseline Requirements, and effective June 1, 2022, OCSP responses related to server certificates cannot be signed with SHA1.)
One proposal is to remove SHA1 from the list of allowed signing algorithms altogether, but before we do this, I would like your proposed sunset dates for the different types of SHA1 signing you might currently perform--SMIME certificates, ARLs/CRLs, and OCSP responses for SMIME certificates.
Please participate in this important topic, which is already underway on the Mozilla dev-security-policy list. Let us know about your specific concerns and hurdles that would need to be overcome.
(Some CAs have expressed willingness to quickly convert over to SHA256, while others have expressed that it is not a simple task and will require additional development work.)
Thanks,
Ben Wilson (bwilson@mozilla.com)
Mozilla Root Store Program
== April 2021 CA Communication ==
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a054o00000EL1Fo Read-only copy of April 2021 CA Communication]
** This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2021 CA Communication' survey.
** Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a 'survey submitted' response''' -- there are required fields.
Dear Certification Authority,
<br>
<br>
Mozilla’s Root Store Policy was recently updated to [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ version 2.7.1] with an effective date of 1 May 2021. This version contains [https://github.com/mozilla/pkipolicy/pull/223 several changes] that may affect your organization and the auditors who evaluate your PKI.  These changes require you to take action to ensure your continued compliance.
<br><br>
Please review version 2.7.1 of [https://www.mozilla.org/projects/security/certs/policy/ Mozilla’s Root Store Policy] internally, and with your auditors as well. After you and your auditors have reviewed these new requirements, complete the April 2021 survey via the Common CA Database (CCADB). This survey also contains information regarding other recent and upcoming changes that may affect your practices. Read all survey questions first before beginning to respond.
<br><br>
To respond to this survey, [https://ccadb.org/cas/ log in to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2021 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 30-April-2021.
<br><br>
A compiled list of CA responses to the survey will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
<br><br>
Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit.
<br>
<br>Regards,
<br>Ben Wilson
<br>Mozilla CA Program Manager
=== April 2021 Responses ===
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00129,Q00142 Responses to Item 1] -- Review Version 2.7.1 of Mozilla's Root Store Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00131,Q00149,Q00143 Responses to Item 2] -- 398-day reuse period on domain/IP address validation
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00132,Q00144 Responses to Item 3] -- Clarification about EV Audit Requirements
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00133,Q00145 Responses to Item 4] -- Annual Audit Covering the CA Key Pair Lifecycle
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00136,Q00146 Responses to Item 5] -- Audit Team Qualifications
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00137,Q00147 Responses to Item 6] --  List of Incidents in Audit Reports
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00140,Q00150,Q00148 Responses to Item 7] -- Methods to Demonstrate Key Compromise
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00141,Q00157,Q00159  Responses to Item 8] --  Removal of Old Root CA Certificates (challenges and alternatives)
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00156,Q00151,Q00158 Responses to Item 8 timelines] -- Timelines and strategies to replace old, non-BR compliant CA hierarchies and root certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a054o00000EL1Fo&QuestionId=Q00152,Q00155,Q00153 Responses to Item 9] -- Audit Letter Validation on Intermediate Certificates
== May 2020 CA Communication ==
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J000042AUSv Read-only copy of May 2020 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
<br />
Dear Certification Authority,
<br>
<br>This survey requests your input on current policy and upcoming policy changes that affect you as a participant in Mozilla's CA Certificate Program.
<br>
<br>To respond to this survey, [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2020 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 31-May 2020.
<br>
<br>A compiled list of CA responses to the survey will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
<br>
<br>Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit.
<br>
<br>Regards,
<br>Kathleen Wilson
<br>Mozilla CA Program Manager
=== May 2020 Responses ===
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00099,Q00100 Responses to Item 1] -- Impact of COVID-19 Restrictions
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00101,Q00102, Responses to Item 2] -- Mozilla Root Store Policy version 2.7 Requirements and Deadlines
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00103,Q00104 Responses to Item 3] -- Reducing Maximum Validity Period for TLS Certificates
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00105,Q00106,Q00107 Responses to Sub Item 3.1] -- Limit TLS Certificates to 398-day validity
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00108,Q00109,Q00110 Responses to Sub Item 3.2] -- Limit re-use of domain name and IP address verification to 398 days
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00111,Q00112 Responses to Item 4] -- CA/Browser Forum Ballot for Browser Alignment
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00113,Q00114,Q00115 Responses to Sub Item 4.1] -- CA/Browser Forum defined-policy OID in Subscriber Cert certificatePolicies
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00116,Q00117,Q00118 Responses to Sub Item 4.2] -- Byte-for-byte Identical Issuer and Subject Distinguished Names
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00119,Q00120,Q00121 Responses to Sub Item 4.3] -- Text-searchable PDF Audit Statements
** [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J000042AUSv&QuestionId=Q00122,Q00123,Q00124 Responses to Sub Item 4.4] -- OCSP Requirements
== January 2020 CA Communication ==
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003waNOW Read-only copy of January 2020 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
<br />
Dear Certification Authority,
<br>
<br>Mozilla’s [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Root Store Policy] was recently [https://blog.mozilla.org/security/2019/12/11/announcing-version-2-7-of-the-mozilla-root-store-policy/ updated]. The 2.7 version went into effect on 1-January 2020. This version contains a [https://github.com/mozilla/pkipolicy/pull/199/files number of changes] that may affect your organization and will require you to take action to comply. Please review Mozilla’s updated Root Store Policy and complete the January 2020 survey via the Common CA Database (CCADB). This survey also contains information regarding other recent and upcoming changes that may affect your Certificate Authority (CA).
<br>
<br>As a participant in Mozilla's CA Certificate Program, this survey requires that you answer a set of questions.
<br>
<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the ‘January 2020 CA Communication' survey. Please enter your response by 31 January 2020.
<br>
<br>A compiled list of CA responses to the survey action items will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
<br>
<br>Participation in Mozilla's CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your cooperation in this pursuit.
<br>
<br>Regards,
<br>Wayne Thayer
<br>Mozilla CA Program Manager
=== January 2020 Responses ===
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00082,Q00083 Responses to Action 1] -- Review Mozilla Root Store Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00084,Q00085,Q00098 Responses to Action 2] -- Update CP/CPS
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00086,Q00087,Q00097 Responses to Action 3] --  Include EKUs in All End-entity Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00088,Q00089 Responses to Action 4] -- Ensure Audit Reports are Properly Formatted
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00090,Q00096,Q00091 Responses to Action 5] -- Resolve Audit Issues with Intermediate Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00092,Q00093 Responses to Action 6] -- Incident Reporting
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003waNOW&QuestionId=Q00094,Q00095 Responses to Action 7] -- Compliance with BRs


== November 2018 CA Communication (Underscores in dNSNames) ==
== November 2018 CA Communication (Underscores in dNSNames) ==
On November 12, 2018, the following message was sent to all CAs in the Mozilla program, alerting them to CA/Browser Forum SC12 that established a brief sunset period for the use of underscore characters in dNSNames in publicly-trusted TLS certificates.
On November 12, 2018, the following message was sent to all CAs in the Mozilla program, alerting them to CA/Browser Forum SC12 that established a brief sunset period for the use of underscore characters in dNSNames in publicly-trusted TLS certificates.
<br />
<br />
Dear Certification Authority,
Dear Certification Authority,


Line 20: Line 208:
After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.
After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.
-----
-----
This new language will go into effect on December 10, 2019 when the IPR review period for ballot SC12 [1] is completed. At that time, CAs must be prepared to stop issuing publicly-trusted TLS certificates containing the underscore character in any dNSName with validity periods of more than 30 days.
This new language will go into effect on December 10, 2018 when the IPR review period for ballot SC12 [1] is completed. At that time, CAs must be prepared to stop issuing publicly-trusted TLS certificates containing the underscore character in any dNSName with validity periods of more than 30 days.


As a participant in Mozilla's CA Certificate Program, we want you to be aware of this important change, and ask that you take any necessary steps to comply. No further action related to this change is requested at this time.
As a participant in Mozilla's CA Certificate Program, we want you to be aware of this important change, and ask that you take any necessary steps to comply. No further action related to this change is requested at this time.
Line 35: Line 223:


== September 2018 CA Communication ==
== September 2018 CA Communication ==
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003rMGLL Read-only copy of September 2018 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003rMGLL Read-only copy of September 2018 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'September 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'September 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
<br />
<br />
Dear Certification Authority,
Dear Certification Authority,
Line 44: Line 232:
<br>As a participant in Mozilla's CA Certificate Program, this survey requires that you answer a set of questions.
<br>As a participant in Mozilla's CA Certificate Program, this survey requires that you answer a set of questions.
<br>
<br>
<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the ‘September 2018 CA Communication' survey. Please enter your response by 30-September 2018.
<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the ‘September 2018 CA Communication' survey. Please enter your response by 30-September 2018.
<br>
<br>
<br>A compiled list of CA responses to the survey action items will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
<br>A compiled list of CA responses to the survey action items will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
Line 58: Line 246:
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00068,Q00069 Responses to Action 1] -- Review Mozilla Root Store Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00068,Q00069 Responses to Action 1] -- Review Mozilla Root Store Policy


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00070,Q00071 Responses to Action 2] -- Update CP/CPS
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00070,Q00071 Responses to Action 2] -- Update CP/CPS


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00072,Q00073 Responses to Action 3] -- Transition to Separate Intermediate Certificates for SSL and S/MIME
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00072,Q00073 Responses to Action 3] -- Transition to Separate Intermediate Certificates for SSL and S/MIME


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00074,Q00075 Responses to Action 4] -- Ensure Audit Reports comply with Mozilla’s Root Store Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00074,Q00075 Responses to Action 4] -- Ensure Audit Reports comply with Mozilla’s Root Store Policy


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00076,Q00077 Responses to Action 5] -- Discontinue use of BR Validation Methods 3.2.2.4.1 and 3.2.2.4.5
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00076,Q00077 Responses to Action 5] -- Discontinue use of BR Validation Methods 3.2.2.4.1 and 3.2.2.4.5


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00078,Q00079 Responses to Action 6] --  Disclose Intermediate Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00078,Q00079 Responses to Action 6] --  Disclose Intermediate Certificates


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00080,Q00081 Responses to Action 7] -- Submit TLS Certificates to CT Logs for Mozilla's CRLite
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003rMGLL&QuestionId=Q00080,Q00081 Responses to Action 7] -- Submit TLS Certificates to CT Logs for Mozilla's CRLite


== January 2018 CA Communication ==
== January 2018 CA Communication ==
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003mqMFN Read-only copy of January 2018 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003mqMFN Read-only copy of January 2018 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'January 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
<br />
<br />
Dear Certification Authority,
Dear Certification Authority,
Line 82: Line 270:
This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program.
This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program.
<br /><br />
<br /><br />
To respond to this survey, login to the Common CA Database (CCADB), click on the 'CA Communications (Page)' tab, and select the 'January 2018 CA Communication' survey. Please enter your response by 9-February 2018.
To respond to this survey, login to the Common CA Database (CCADB), then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2018 CA Communication' survey. Please enter your response by 9-February 2018.
<br /><br />
<br /><br />
A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
Line 96: Line 284:
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00056,Q00057 Responses to Action 1] -- Disclose Use of Methods 3.2.2.4.9 or 3.2.2.4.10 for Domain Validation
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00056,Q00057 Responses to Action 1] -- Disclose Use of Methods 3.2.2.4.9 or 3.2.2.4.10 for Domain Validation


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00058,Q00059 Responses to Action 2] -- Disclose Use of Methods 3.2.2.4.1 or 3.2.2.4.5 for Domain Validation
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00058,Q00059 Responses to Action 2] -- Disclose Use of Methods 3.2.2.4.1 or 3.2.2.4.5 for Domain Validation


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00060,Q00061 Responses to Action 3] -- Disclose All Non-Technically-Constrained Subordinate CA Certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00060,Q00061 Responses to Action 3] -- Disclose All Non-Technically-Constrained Subordinate CA Certificates


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00062,Q00063 Responses to Action 4] -- Complete BR Self Assessment
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00062,Q00063 Responses to Action 4] -- Complete BR Self Assessment


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00064,Q00065 Responses to Action 5] -- Update CP/CPS to Comply with version 2.5 of Mozilla Root Store Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00064,Q00065 Responses to Action 5] -- Update CP/CPS to Comply with version 2.5 of Mozilla Root Store Policy


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00066,Q00067 Responses to Action 6] -- Reduce SSL Certificate Validity Periods to 825 Days or Less by March 1, 2018
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mqMFN&QuestionId=Q00066,Q00067 Responses to Action 6] -- Reduce SSL Certificate Validity Periods to 825 Days or Less by March 1, 2018


== November 2017 CA Communication ==
== November 2017 CA Communication ==


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a051J00003mogw7 Read-only copy of November 2017 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003mogw7 Read-only copy of November 2017 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'November 2017 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'November 2017 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.


Dear Certification Authority,  
Dear Certification Authority,  
Line 117: Line 305:
This survey requests a set of actions on your behalf, as a participant in [[CA|Mozilla's CA Certificate Program]].
This survey requests a set of actions on your behalf, as a participant in [[CA|Mozilla's CA Certificate Program]].


To respond to this survey, login to the [http://ccadb.org/cas Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the 'November 2017 CA Communication' survey. Please enter your response by December 15, 2017.
To respond to this survey, login to the [http://ccadb.org/cas Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'November 2017 CA Communication' survey. Please enter your response by December 15, 2017.


A compiled list of CA responses to the survey action items will be [[CA/Communications|automatically and immediately published]] by the CCADB system.
A compiled list of CA responses to the survey action items will be [[CA/Communications|automatically and immediately published]] by the CCADB system.
Line 131: Line 319:
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].
The reports in the following links are automatically generated from data in the [http://ccadb.org/ Common CA Database (CCADB)].


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00035,Q00036 Responses to Action 1] -- Full compliance with version 2.5 of [https://www.mozilla.org/about/governance/policies/security-group/certs/policy Mozilla's Root Store Policy]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00035,Q00036 Responses to Action 1] -- Full compliance with version 2.5 of [https://www.mozilla.org/about/governance/policies/security-group/certs/policy Mozilla's Root Store Policy]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00037,Q00044 Responses to Action 2] -- non-technically-constrained intermediate certificates must be [http://ccadb.org/cas/intermediates disclosed in CCADB] within one week of creation. '''New requirements''' for [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#technically-constrained technical constraints on intermediate certificates issuing S/MIME certificates].
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00037,Q00044 Responses to Action 2] -- non-technically-constrained intermediate certificates must be [http://ccadb.org/cas/intermediates disclosed in CCADB] within one week of creation. '''New requirements''' for [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#technically-constrained technical constraints on intermediate certificates issuing S/MIME certificates].
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00038,Q00045 Responses to Action 3] -- Annual updates via [http://ccadb.org/cas/updates CCADB Audit Cases]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00038,Q00045 Responses to Action 3] -- Annual updates via [http://ccadb.org/cas/updates CCADB Audit Cases]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00050,Q00051 Responses to Action 4] -- Reiterate [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#audit-parameters audit requirements] and '''penalty for incomplete audit statements'''
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00050,Q00051 Responses to Action 4] -- Reiterate [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#audit-parameters audit requirements] and '''penalty for incomplete audit statements'''
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00039,Q00046 Responses to Action 5] -- Perform a [[CA/BR_Self-Assessment|BR Self Assessment]]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00039,Q00046 Responses to Action 5] -- Perform a [[CA/BR_Self-Assessment|BR Self Assessment]]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00042,Q00048 Responses to Action 6] -- Provide tested email address for [https://ccadb-public.secure.force.com/mozilla/CAInformationReport Problem Reporting Mechanism]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00042,Q00048 Responses to Action 6] -- Provide tested email address for [https://ccadb.my.salesforce-sites.com/mozilla/CAInformationReport Problem Reporting Mechanism]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00040,Q00047 Responses to Action 7] -- Follow new developments and effective dates for [http://tools.ietf.org/html/rfc6844 Certification Authority Authorization (CAA)]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00040,Q00047 Responses to Action 7] -- Follow new developments and effective dates for [http://tools.ietf.org/html/rfc6844 Certification Authority Authorization (CAA)]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00052,Q00053 Responses to Action 8] -- Check [https://groups.google.com/d/msg/mozilla.dev.security.policy/4kj8Jeem0EU/GvqsgIzSAAAJ issuance of certs to .tg domains] from October 25 to November 11, 2017.
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00052,Q00053 Responses to Action 8] -- Check [https://groups.google.com/d/msg/mozilla.dev.security.policy/4kj8Jeem0EU/GvqsgIzSAAAJ issuance of certs to .tg domains] from October 25 to November 11, 2017.


== May 2017 - Announcing CCADB Changes ==
== May 2017 - Announcing CCADB Changes ==
Line 178: Line 366:
will be changed to
will be changed to
<br />
<br />
https://ccadb-public.secure.force.com/mozillacommunications
https://ccadb-public.secure.force.com/Surveys
<br />
<br />
<br />
<br />
Line 192: Line 380:
Note: The deadline to reply to this survey has [https://groups.google.com/d/msg/mozilla.dev.security.policy/03rdTdnm7iw/NQUHmWOcEAAJ been extended] by one week, to May 5, 2017.
Note: The deadline to reply to this survey has [https://groups.google.com/d/msg/mozilla.dev.security.policy/03rdTdnm7iw/NQUHmWOcEAAJ been extended] by one week, to May 5, 2017.


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a05o000003WrzBC Read-only copy of April 2017 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a05o000003WrzBC Read-only copy of April 2017 CA Communication]
** CAs: This link is '''Read Only'''. To submit your response, you must [https://ccadb.force.com/CustomLogin login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'April 2017 CA Communication' survey. Make sure you click on the 'Submit' button at the bottom of the survey, and make sure you get a good 'survey submitted' response -- there are required fields.
** CAs: This link is '''Read Only'''. To submit your response, you must [https://ccadb.force.com/CustomLogin login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2017 CA Communication' survey. Make sure you click on the 'Submit' button at the bottom of the survey, and make sure you get a good 'survey submitted' response -- there are required fields.


Dear Certification Authority,
Dear Certification Authority,
Line 199: Line 387:
This survey requests a set of actions on your behalf, as a participant in [[CA:IncludedCAs|Mozilla's CA Certificate Program]].
This survey requests a set of actions on your behalf, as a participant in [[CA:IncludedCAs|Mozilla's CA Certificate Program]].


To respond to this survey, [https://mozillacacommunity.force.com/CustomLogin login to the Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the 'April 2017 CA Communication' survey. Please enter your response by April 28, 2017.
To respond to this survey, [https://mozillacacommunity.force.com/CustomLogin login to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2017 CA Communication' survey. Please enter your response by April 28, 2017.


A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
Line 215: Line 403:
The reports in the following links are automatically generated from data in the [[CA:CommonCADatabase|Common CA Database]].
The reports in the following links are automatically generated from data in the [[CA:CommonCADatabase|Common CA Database]].


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00015,Q00030 Responses to Action 1] -- Domain Validation
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00015,Q00030 Responses to Action 1] -- Domain Validation
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00016,Q00025 Responses to Action 2 and Action 10] -- Yearly CP/CPS Updates, Test Tools
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00016,Q00025 Responses to Action 2 and Action 10] -- Yearly CP/CPS Updates, Test Tools
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00022,Q00029 Responses to Action 3] -- Updated Mozilla CA Certificate Policy
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00022,Q00029 Responses to Action 3] -- Updated Mozilla CA Certificate Policy
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00017,Q00031 Responses to Action 4] -- Audit Statements, annual updates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00017,Q00031 Responses to Action 4] -- Audit Statements, annual updates
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00018,Q00032 Responses to Action 5] -- Audit Statement Contents
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00018,Q00032 Responses to Action 5] -- Audit Statement Contents
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00021,Q00033 Responses to Action 6] -- Qualified Audit Statements
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00021,Q00033 Responses to Action 6] -- Qualified Audit Statements
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00019 Responses to Action 7] -- BR Compliance Bugs
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00019 Responses to Action 7] -- BR Compliance Bugs
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00020&QuestionIdForText=Q00026 Responses to Action 8] -- Confirm Completion of Previous Commitments
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00020&QuestionIdForText=Q00026 Responses to Action 8] -- Confirm Completion of Previous Commitments
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00027 Responses to Action 9] -- Registration Authorities
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00027 Responses to Action 9] -- Registration Authorities
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00016,Q00025 Responses to Action 10 and Action 2] -- Yearly CP/CPS Updates, Test Tools
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00016,Q00025 Responses to Action 10 and Action 2] -- Yearly CP/CPS Updates, Test Tools
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00023 Responses to Action 11] -- Certification Authority Authorization (CAA)
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00023 Responses to Action 11] -- Certification Authority Authorization (CAA)
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00028 Responses to Action 12] -- Problem Reporting Mechanism
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00028 Responses to Action 12] -- Problem Reporting Mechanism
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00024 Responses to Action 13] -- SHA-1 and S/MIME
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00024 Responses to Action 13] -- SHA-1 and S/MIME
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00034 Responses to Action 14] -- Certificate Validity Periods in TLS/SSL Certs
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000003WrzBC&QuestionId=Q00034 Responses to Action 14] -- Certificate Validity Periods in TLS/SSL Certs


== March 2016 ==
== March 2016 ==


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx Read-only copy of March 2016 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx Read-only copy of March 2016 CA Communication]


Dear Certification Authority,
Dear Certification Authority,
Line 238: Line 426:
This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program, by April 22, 2016.
This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program, by April 22, 2016.


To respond to this survey, please login to the [[CA:SalesforceCommunity|CA Community in Salesforce]], click on the 'CA Communications (Page)' tab, and select the 'March 2016 CA Communication' survey. Please enter your response by April 22, 2016.  
To respond to this survey, please login to the [[CA:SalesforceCommunity|CA Community in Salesforce]], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'March 2016 CA Communication' survey. Please enter your response by April 22, 2016.  


A compiled list of CA responses to the survey action items will be [[CA:Communications#March_2016_Responses|automatically and immediately published]] by Salesforce.
A compiled list of CA responses to the survey action items will be [[CA:Communications#March_2016_Responses|automatically and immediately published]] by Salesforce.
Line 254: Line 442:
The following links are automatically generated from data in the [[CA:SalesforceCommunity|CA Community in Salesforce]].
The following links are automatically generated from data in the [[CA:SalesforceCommunity|CA Community in Salesforce]].


* [https://ccadb-public.secure.force.com/mozillacommunications/CACommSummaryReport?CommunicationID=a05o000000iHdtx CA Responses to March 2016 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommSummaryReport?CommunicationID=a05o000000iHdtx CA Responses to March 2016 CA Communication]
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00001,Q00013 Responses to Action #1a] -- SHA-1 Deprecation dates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00001,Q00013 Responses to Action #1a] -- SHA-1 Deprecation dates
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00002,Q00014 Responses to Action #1b] -- SHA-1 Deprecation dates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00002,Q00014 Responses to Action #1b] -- SHA-1 Deprecation dates
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00010&QuestionIdForText=Q00011 Responses to Action #1c] -- SHA-1 Deprecation
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00010&QuestionIdForText=Q00011 Responses to Action #1c] -- SHA-1 Deprecation
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00004 Responses to Action #2] -- Entering intermediate certificate data into the CA Community in Salesforce
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00004 Responses to Action #2] -- Entering intermediate certificate data into the CA Community in Salesforce
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00005 Responses to Action #3] -- Entering revoked intermediate certificate data into the CA Community in Salesforce
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00005 Responses to Action #3] -- Entering revoked intermediate certificate data into the CA Community in Salesforce
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00006&QuestionIdForText=Q00007 Responses to Action #4] -- [[SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix|Removing workarounds]] to compatibility issues that were encountered involving certificates that did not conform to the Baseline Requirements.  
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommRespWithTextAndTotalsReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00006&QuestionIdForText=Q00007 Responses to Action #4] -- [[SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix|Removing workarounds]] to compatibility issues that were encountered involving certificates that did not conform to the Baseline Requirements.  
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00008 Responses to Action #5] -- Plans to remove old/retired root certificates
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00008 Responses to Action #5] -- Plans to remove old/retired root certificates
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00009 Responses to Action #6] -- Confirmation of understanding that all certificates, including test certificates, must conform to stated policies
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00009 Responses to Action #6] -- Confirmation of understanding that all certificates, including test certificates, must conform to stated policies
* [https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00012 Responses to Action #7] -- [[CA:RootTransferPolicy|Mozilla's Root Transfer Policy]]
* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a05o000000iHdtx&QuestionId=Q00012 Responses to Action #7] -- [[CA:RootTransferPolicy|Mozilla's Root Transfer Policy]]


== May 2015 ==
== May 2015 ==
Line 274: Line 462:


Your Survey Link:  
Your Survey Link:  
* [https://ccadb-public.secure.force.com/mozillacommunications/TakeSurvey?id=a04o000000M89RCAAZ&cId=&caId=none Survey Link] -- '''IMPORTANT: CA's do NOT use the link in this wiki page! This link will NOT record your response. Please use the link that was emailed to you.'''
* [https://ccadb.my.salesforce-sites.com/Surveys/TakeSurvey?id=a04o000000M89RCAAZ&cId=&caId=none Survey Link] -- '''IMPORTANT: CA's do NOT use the link in this wiki page! This link will NOT record your response. Please use the link that was emailed to you.'''


Please use the above link to read and respond to the action items. Note that you may access the above link multiple times to update your responses.
Please use the above link to read and respond to the action items. Note that you may access the above link multiple times to update your responses.
Line 290: Line 478:
=== May 2015 Responses ===
=== May 2015 Responses ===


* [https://ccadb-public.secure.force.com/mozillacommunications/CommunicationSummaryReport?CommunicationId=a04o000000M89RCAAZ CA Responses to May 2015 CA Communication]
* [https://ccadb.my.salesforce-sites.com/Surveys/CommunicationSummaryReport?CommunicationId=a04o000000M89RCAAZ CA Responses to May 2015 CA Communication]
* [https://ccadb-public.secure.force.com/mozillacommunications/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%233:%20After%20January%201,%202016 Responses to Action #3] -- SHA-1 Deprecation Plans
* [https://ccadb.my.salesforce-sites.com/Surveys/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%233:%20After%20January%201,%202016 Responses to Action #3] -- SHA-1 Deprecation Plans
* [https://ccadb-public.secure.force.com/mozillacommunications/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%234:%20Workarounds%20were%20implemented Responses to Action #4] -- Removing workarounds implemented to allow mozilla::pkix to handle the things listed here https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix.  
* [https://ccadb.my.salesforce-sites.com/Surveys/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%234:%20Workarounds%20were%20implemented Responses to Action #4] -- Removing workarounds implemented to allow mozilla::pkix to handle the things listed here https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Things_for_CAs_to_Fix.  
* [https://ccadb-public.secure.force.com/mozillacommunications/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%235:%20We%20wish%20to%20understand%20what%20support Responses to Action #5] -- IPv6 survey
* [https://ccadb.my.salesforce-sites.com/Surveys/CommunicationActionOptionResponse?CommunicationId=a04o000000M89RCAAZ&Question=ACTION%20%235:%20We%20wish%20to%20understand%20what%20support Responses to Action #5] -- IPv6 survey


== May 2014 ==
== May 2014 ==
Bwilson
Confirmed users
377

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1203756...1247896"