CA/Communications: Difference between revisions

← Older edit

CA/Communications (view source)

Revision as of 20:14, 8 September 2023

1,325 bytes added , 8 September 2023

m

→‎August 2023 CA Communication and Survey: Added survey results page

Bwilson

Confirmed users

377

edits

@@ Line 1: / Line 1: @@
 The following are communications that have been sent to Certification Authorities participating in [[CA | Mozilla's root program.]] If you have questions regarding these communications, please first review related discussions in the Mozilla dev-security-policy forum. If your questions cannot be answered in that forum, then please send email to certificates@mozilla.org.
+== August 2023 CA Communication and Survey ==
+Communication and Survey:
+https://docs.google.com/document/d/1ieXSt3rJyOSopJnDp4wFGSugpk6pt5pJFJ55rkpb6Ks/edit?usp=sharing
+The purpose of this communication and survey is to ensure that CA operators are aware of and prepared to comply with changes to the Mozilla Root Store Policy (MRSP), which we plan to publish soon as version 2.9 with an effective date of September 1, 2023.
+The most significant changes to v2.9 of MRSP are:
+# Retirement of Older Root CA Certificates
+#* https://wiki.mozilla.org/CA/Root_CA_Lifecycles
+# Compliance with the CABF’s S/MIME BRs
+#* https://wiki.mozilla.org/CA/Transition_SMIME_BRs
+# Security Vulnerability Reporting
+#* https://wiki.mozilla.org/CA/Vulnerability_Disclosure
+# Removed duplication with CCADB Policy regarding Audit Requirements
+#* https://www.ccadb.org/policy
+# Annual Submission of CCADB Compliance Self-Assessment
+#* https://www.ccadb.org/cas/self-assessment
+# Elimination of SHA-1
+Survey Responses:
+https://docs.google.com/spreadsheets/d/1xJ6VRs2R0tw3-QHoIRzIIO8MWWoqNs576KOxPKYsp3w/edit?usp=sharing
 == February 2023 CA Communication ==
@@ Line 25: / Line 47: @@
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a058Z000013UmsDQAS Read-only copy of May 2022 CA Communication and Survey]
-** This link is '''Read Only'''. To submit your responses, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications' tab and select the 'May 2022 CA Communication and Survey' survey.
+** This link is '''Read Only'''. To submit your responses, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2022 CA Communication and Survey' survey.
 ** Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a 'survey submitted' response''' -- there are required fields.
@@ Line 63: / Line 85: @@
 == April 2021 CA Communication ==
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a054o00000EL1Fo Read-only copy of April 2021 CA Communication]
-** This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications' tab under the 'More' tab, and select the 'April 2021 CA Communication' survey.
+** This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2021 CA Communication' survey.
 ** Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a 'survey submitted' response''' -- there are required fields.
@@ Line 73: / Line 95: @@
 Please review version 2.7.1 of [https://www.mozilla.org/projects/security/certs/policy/ Mozilla’s Root Store Policy] internally, and with your auditors as well. After you and your auditors have reviewed these new requirements, complete the April 2021 survey via the Common CA Database (CCADB). This survey also contains information regarding other recent and upcoming changes that may affect your practices. Read all survey questions first before beginning to respond.
 <br><br>
-To respond to this survey, [https://ccadb.org/cas/ log in to the CCADB], click on the 'CA Communications' tab under the 'More' tab, and select the 'April 2021 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 30-April-2021.
+To respond to this survey, [https://ccadb.org/cas/ log in to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2021 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 30-April-2021.
 <br><br>
 A compiled list of CA responses to the survey will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
@@ Line 99: / Line 121: @@
 == May 2020 CA Communication ==
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J000042AUSv Read-only copy of May 2020 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'May 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
 <br />
 Dear Certification Authority,
@@ Line 105: / Line 127: @@
 <br>This survey requests your input on current policy and upcoming policy changes that affect you as a participant in Mozilla's CA Certificate Program.
 <br>
-<br>To respond to this survey, [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'May 2020 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 31-May 2020.
+<br>To respond to this survey, [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'May 2020 CA Communication' survey. All CAs with root certificates included in Mozilla’s root store must submit their responses by 31-May 2020.
 <br>
 <br>A compiled list of CA responses to the survey will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
@@ Line 131: / Line 153: @@
 == January 2020 CA Communication ==
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003waNOW Read-only copy of January 2020 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'January 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2020 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
 <br />
 Dear Certification Authority,
@@ Line 139: / Line 161: @@
 <br>As a participant in Mozilla's CA Certificate Program, this survey requires that you answer a set of questions.
 <br>
-<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the ‘January 2020 CA Communication' survey. Please enter your response by 31 January 2020.
+<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the ‘January 2020 CA Communication' survey. Please enter your response by 31 January 2020.
 <br>
 <br>A compiled list of CA responses to the survey action items will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
@@ Line 202: / Line 224: @@
 == September 2018 CA Communication ==
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003rMGLL Read-only copy of September 2018 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'September 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'September 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
 <br />
 Dear Certification Authority,
@@ Line 210: / Line 232: @@
 <br>As a participant in Mozilla's CA Certificate Program, this survey requires that you answer a set of questions.
 <br>
-<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the ‘September 2018 CA Communication' survey. Please enter your response by 30-September 2018.
+<br>To respond to this survey, [https://ccadb.org/cas/ log in to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the ‘September 2018 CA Communication' survey. Please enter your response by 30-September 2018.
 <br>
 <br>A compiled list of CA responses to the survey action items will be [https://wiki.mozilla.org/CA/Communications automatically and immediately published] by the CCADB system.
@@ Line 240: / Line 262: @@
 == January 2018 CA Communication ==
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003mqMFN Read-only copy of January 2018 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'January 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2018 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
 <br />
 Dear Certification Authority,
@@ Line 248: / Line 270: @@
 This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program.
 <br /><br />
-To respond to this survey, login to the Common CA Database (CCADB), click on the 'CA Communications (Page)' tab, and select the 'January 2018 CA Communication' survey. Please enter your response by 9-February 2018.
+To respond to this survey, login to the Common CA Database (CCADB), then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'January 2018 CA Communication' survey. Please enter your response by 9-February 2018.
 <br /><br />
 A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
@@ Line 277: / Line 299: @@
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a051J00003mogw7 Read-only copy of November 2017 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'November 2017 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [http://ccadb.org/cas/ login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'November 2017 CA Communication' survey. Make sure you click on the ''''Submit'''' button at the bottom of the survey, and '''make sure you get a good 'survey submitted' response''' -- there are required fields.
 Dear Certification Authority,
@@ Line 283: / Line 305: @@
 This survey requests a set of actions on your behalf, as a participant in [[CA|Mozilla's CA Certificate Program]].
-To respond to this survey, login to the [http://ccadb.org/cas Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the 'November 2017 CA Communication' survey. Please enter your response by December 15, 2017.
+To respond to this survey, login to the [http://ccadb.org/cas Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'November 2017 CA Communication' survey. Please enter your response by December 15, 2017.
 A compiled list of CA responses to the survey action items will be [[CA/Communications|automatically and immediately published]] by the CCADB system.
@@ Line 302: / Line 324: @@
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00050,Q00051 Responses to Action 4] -- Reiterate [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#audit-parameters audit requirements] and '''penalty for incomplete audit statements'''
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00039,Q00046 Responses to Action 5] -- Perform a [[CA/BR_Self-Assessment|BR Self Assessment]]
-* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00042,Q00048 Responses to Action 6] -- Provide tested email address for [https://ccadb-public.secure.force.com/mozilla/CAInformationReport Problem Reporting Mechanism]
+* [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00042,Q00048 Responses to Action 6] -- Provide tested email address for [https://ccadb.my.salesforce-sites.com/mozilla/CAInformationReport Problem Reporting Mechanism]
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00040,Q00047 Responses to Action 7] -- Follow new developments and effective dates for [http://tools.ietf.org/html/rfc6844 Certification Authority Authorization (CAA)]
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommResponsesOnlyReport?CommunicationId=a051J00003mogw7&QuestionId=Q00052,Q00053 Responses to Action 8] -- Check [https://groups.google.com/d/msg/mozilla.dev.security.policy/4kj8Jeem0EU/GvqsgIzSAAAJ issuance of certs to .tg domains] from October 25 to November 11, 2017.
@@ Line 359: / Line 381: @@
 * [https://ccadb.my.salesforce-sites.com/Surveys/CACommunicationSurveySample?CACommunicationId=a05o000003WrzBC Read-only copy of April 2017 CA Communication]
-** CAs: This link is '''Read Only'''. To submit your response, you must [https://ccadb.force.com/CustomLogin login to the CCADB], click on the 'CA Communications (Page)' tab, and select the 'April 2017 CA Communication' survey. Make sure you click on the 'Submit' button at the bottom of the survey, and make sure you get a good 'survey submitted' response -- there are required fields.
+** CAs: This link is '''Read Only'''. To submit your response, you must [https://ccadb.force.com/CustomLogin login to the CCADB], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2017 CA Communication' survey. Make sure you click on the 'Submit' button at the bottom of the survey, and make sure you get a good 'survey submitted' response -- there are required fields.
 Dear Certification Authority,
@@ Line 365: / Line 387: @@
 This survey requests a set of actions on your behalf, as a participant in [[CA:IncludedCAs|Mozilla's CA Certificate Program]].
-To respond to this survey, [https://mozillacacommunity.force.com/CustomLogin login to the Common CA Database (CCADB)], click on the 'CA Communications (Page)' tab, and select the 'April 2017 CA Communication' survey. Please enter your response by April 28, 2017.
+To respond to this survey, [https://mozillacacommunity.force.com/CustomLogin login to the Common CA Database (CCADB)], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'April 2017 CA Communication' survey. Please enter your response by April 28, 2017.
 A compiled list of CA responses to the survey action items will be automatically and immediately published by the CCADB system.
@@ Line 404: / Line 426: @@
 This survey requests a set of actions on your behalf, as a participant in Mozilla's CA Certificate Program, by April 22, 2016.
-To respond to this survey, please login to the [[CA:SalesforceCommunity|CA Community in Salesforce]], click on the 'CA Communications (Page)' tab, and select the 'March 2016 CA Communication' survey. Please enter your response by April 22, 2016.
+To respond to this survey, please login to the [[CA:SalesforceCommunity|CA Community in Salesforce]], then click on the 'COMMUNICATIONS' tab in the 'My CA' page, and select the 'March 2016 CA Communication' survey. Please enter your response by April 22, 2016.
 A compiled list of CA responses to the survey action items will be [[CA:Communications#March_2016_Responses|automatically and immediately published]] by Salesforce.