MozillaWiki

CA/Communications: Difference between revisions

Page Discussion

CA/Communications (view source)

Revision as of 02:56, 28 January 2018

38 bytes added ,  28 January 2018
→‎January 2018 CA Communication: Update Defn of technically constrained
(→‎January 2018 CA Communication: Updated BR Self Assessment options)
(→‎January 2018 CA Communication: Update Defn of technically constrained)
Line 52: Line 52:
ACTION 3: Disclose All Non-Technically-Constrained Subordinate CA Certificates
ACTION 3: Disclose All Non-Technically-Constrained Subordinate CA Certificates
<br /><br />
<br /><br />
Sections 5.3.1 and 5.3.2 of Mozilla Root Store Policy version 2.5 [5] require CAs to publicly disclose (via CCADB [6]) all subordinate CA certificates including those used to issue email S/MIME certificates by 15-January unless they are technically constrained to a whitelist of domains. We have since changed the compliance deadline to 15-April 2018. Certificate monitors have detected over 200 certificates that currently do not comply with this new policy. [7] Please ensure that your CA is in compliance before 15-April 2018.
Sections 5.3.1 and 5.3.2 of Mozilla Root Store Policy version 2.5 [5] require CAs to publicly disclose (via CCADB [6]) all subordinate CA certificates including those used to issue email S/MIME certificates by 15-January unless they are technically constrained via both EKU and Name Constraints to a set of validated domains. We have since changed the compliance deadline to 15-April 2018. Certificate monitors have detected over 200 certificates that currently do not comply with this new policy. [7] Please ensure that your CA is in compliance before 15-April 2018.
<br /><br />
<br /><br />
[5] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/<br />
[5] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/<br />
Wthayer
136

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1187682"