(Created page with "The following are communications that have been sent to Certification Authorities participating in Mozilla's root program. === September 8, 2011 === '''Subject:''' Mozilla Commu...")
Line 2:
=== September 8, 2011 ===
Subject: Mozilla Communication: Immediate action requested
Dear Certification Authority,
Line 31:
Participation in Mozilla's root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve. Thank you for your participation in this pursuit.
Regards,
Kathleen Wilson
Module Owner of Mozilla's CA Certificates Module
=== April, 2011 ===
Subject: Mozilla Communication: Policy Discussions are in Progress that may Impact Your CA
Dear Certification Authority,
On behalf of Mozilla, I am contacting you in regards to three important items that we would like to bring to your attention.
1) The CA/Browser Forum has published a final draft of the document "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates." We are now hosting a discussion about this document in the mozilla.dev.security.policy forum. For more information, see http://cabforum.org/.
The document is here: http://cabforum.org/Baseline_Requirements_Draft_30b.pdf
Mozilla supports the CA/Browser Forum’s efforts in this area. After version 1.0 of the CA/Browser Forum’s Baseline Requirements document is published, we will have a discussion to add a requirement to the Mozilla CA Certificate Policy (http://www.mozilla.org/projects/security/certs/policy/) that CAs include the CA/Browser Forum Baseline Requirements in their policies, practices, and audits. Therefore, we urge you to review the draft of the Baseline Requirements, assessing the impact to your CA policies and practices, and participate in the current discussions about these requirements. The CA/Browser Forum has set the duration of this discussion to 45 days from April 11.
2) Mozilla has begun discussions about the Phase 2 items to be considered for updating the Mozilla CA Certificate Policy, https://wiki.mozilla.org/CA:CertPolicyUpdates#Second_Phase. The current discussions are focused on RAs and Subordinate CAs. We recommend that you monitor and contribute to these discussions so that you are aware of how the potential changes to the Mozilla CA Certificate Policy may impact you.
3) As per previous communications, we will implement a code change to stop accepting MD5 as a hash algorithm for intermediate and end-entity certificates. After June 30, 2011, software published by Mozilla will return an error when a certificate with an MD5-based signature is used. Mozilla will take this action earlier and at its sole discretion if necessary to keep our users safe. For more information, please see https://wiki.mozilla.org/CA:MD5and1024.
We look forward to your continued involvement and contributions to improving Mozilla’s CA Certificate Policy and practices.
Regards,
Kathleen Wilson
Module Owner of Mozilla's CA Certificates Module