On Monday, January 22, 2018 at 9:32:13 PM UTC+2, Wayne Thayer wrote:
> Today I noticed the following ComSign response to question 6 [1] in
> Mozilla's November 2017 CA Communication:
> 
> > We are in the process of perfecting our CAA system. As far as I know we do
> > not have a devoted mailbox for problem reporting in the root program, the
> > mail for that should be mine – [email protected]
>
> This first implies that ComSign is not yet performing CAA checking as
> required by the BRs effective 8-Sept 2017.

>>> While we answered the survey we were still working on improving our CAA
>>> checking; today we do perform the CAA checking as required.

> While the BRs do not require problem reports to be accepted via email, they 
> do require CAs to "publicly disclose the instructions through a readily
> accessible online means". The ComSign CPS includes two email addresses:
> [email protected] and [email protected]. How has ComSign
> met this requirement?

>>> We added to our Hebrew site a contact us box devoted to reporting any
>>> problems (such as fraud, misuse, compromise, etc.) regarding the SSL certs.
>>> In addition to a section in the Contact Us boxes, we are also adding it to our
>>> English site and it would be there by the end of today.

> I will leave the discussion period open until ComSign has responded to
> these concerns.

>>> I hope that we have taken care of all your concerns and we can move on.

- Yair 


_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
