{"id":2546,"date":"2020-01-13T15:48:49","date_gmt":"2020-01-13T23:48:49","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2546"},"modified":"2020-01-13T15:48:49","modified_gmt":"2020-01-13T23:48:49","slug":"january-2020-ca-communication","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/","title":{"rendered":"January 2020 CA Communication"},"content":{"rendered":"<p>Mozilla has sent a <a href=\"https:\/\/wiki.mozilla.org\/CA\/Communications#January_2020_CA_Communication\">CA Communication<\/a> to inform <a href=\"https:\/\/en.wikipedia.org\/wiki\/Certificate_authority\">Certificate Authorities (CAs)<\/a> who have root certificates <a href=\"https:\/\/wiki.mozilla.org\/CA\/Included_Certificates\">included in Mozilla\u2019s program<\/a> about current events relevant to their membership in our program and to remind them of upcoming deadlines. This CA Communication has been emailed to the <a href=\"https:\/\/wiki.mozilla.org\/CA\/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29\">Primary Point of Contact (POC)<\/a> and an <a href=\"http:\/\/ccadb.org\/policy#2-contact-information\">email alias<\/a> for <a href=\"https:\/\/wiki.mozilla.org\/CA\/Included_CAs\">each CA in Mozilla\u2019s program<\/a>, and they have been asked to respond to the following 7 action items:<\/p>\n<ol>\n<li>Read and fully comply with <a href=\"https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/\">version 2.7 of Mozilla\u2019s Root Store Policy<\/a>.<\/li>\n<li>Ensure that their CP and CPS comply with the updated policy <a href=\"https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/#33-cps-and-cpses\">section 3.3<\/a> requiring the proper use of \u201cNo Stipulation\u201d and mapping of policy documents to CA certificates.<\/li>\n<li>Confirm their intent to comply with <a href=\"https:\/\/www.mozilla.org\/en-US\/about\/governance\/policies\/security-group\/certs\/policy\/#52-forbidden-and-required-practices\">section 5.2<\/a> of Mozilla&#8217;s Root Store Policy requiring that new end-entity certificates include an EKU extension expressing their intended usage.<\/li>\n<li>Verify that their audit statements meet Mozilla\u2019s <a href=\"https:\/\/www.ccadb.org\/policy#51-audit-statement-content\">formatting requirements<\/a> that facilitate automated processing.<\/li>\n<li>Resolve issues with audits for intermediate CA certificates that have been identified by the <a href=\"https:\/\/wiki.mozilla.org\/CA\/Audit_Letter_Validation\">automated audit report validation system<\/a>.<\/li>\n<li>Confirm awareness of Mozilla\u2019s <a href=\"https:\/\/wiki.mozilla.org\/CA\/Responding_To_An_Incident#Incident_Report\">Incident Reporting requirements<\/a> and the intent to provide good incident reports.<\/li>\n<li>Confirm compliance with the current version of the <a href=\"https:\/\/cabforum.org\/\">CA\/Browser Forum<\/a> <a href=\"https:\/\/cabforum.org\/baseline-requirements-documents\/\">Baseline Requirements<\/a>.<\/li>\n<\/ol>\n<p>The full action items can be read <a href=\"https:\/\/wiki.mozilla.org\/CA\/Communications#January_2020_CA_Communication#September_2018_CA_Communication\">here<\/a>. Responses to the survey will be automatically and immediately <a href=\"https:\/\/wiki.mozilla.org\/CA\/Communications#January_2020_Responses\">published by the CCADB<\/a>.<\/p>\n<p>With this CA Communication, we reiterate that participation in Mozilla\u2019s CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. 
Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mozilla has sent a CA Communication to inform Certificate Authorities (CAs) who have root certificates included in Mozilla\u2019s program about current events relevant to their membership in our program and &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/\">Read more<\/a><\/p>\n","protected":false},"author":1574,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45538],"tags":[],"coauthors":[320076],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>January 2020 CA Communication - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Wayne Thayer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/\",\"name\":\"January 2020 CA Communication - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2020-01-13T23:48:49+00:00\",\"dateModified\":\"2020-01-13T23:48:49+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/e9d30f6a04fd425b92ce414efb490f7a\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2020\/01\/13\/january-2020-ca-communication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"January 2020 CA Communication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/e9d30f6a04fd425b92ce414efb490f7a\",\"name\":\"Wayne 
Thayer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/9d66cb7b8ff76e006a6f0af6fa7d949a\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2bd1ca829153b238eca5f4da201857f9?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2bd1ca829153b238eca5f4da201857f9?s=96&d=identicon&r=g\",\"caption\":\"Wayne Thayer\"},\"sameAs\":[\"https:\/\/x.com\/wthayer\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2546"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1574"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2546"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2546\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2546"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}