The CCADB stores a couple of different types of "contact" records:
Primary POC (1 or more): someone who is "authorized to speak for and to bind the CA that they represent."
POC (0 or more): Another contact at that CA.
Email Alias (1 or 2): defined as "more likely to continue working as personnel change".
All are per-organization values, and I don't believe any of them are published. However, this then leads to a question about which contacts should be used in what circumstances.
The Common CCADB Policy says:
"Notification of security and audit-related issues will be emailed to all POCs and the email aliases; CAs are advised to supply sufficient POCs that will enable them to respond to an issue promptly."
This is a bit of an administrative pain.
The proposal is that we change this to "email the primary POCs and CC the first email alias", to reduce the administrative burden on Root Stores.
The CCADB stores a couple of different types of "contact" records:
All are per-organization values, and I don't believe any of them are published. However, this then leads to a question about which contacts should be used in what circumstances.
The Common CCADB Policy says:
"Notification of security and audit-related issues will be emailed to all POCs and the email aliases; CAs are advised to supply sufficient POCs that will enable them to respond to an issue promptly."
This is a bit of an administrative pain.
The proposal is that we change this to "email the primary POCs and CC the first email alias", to reduce the administrative burden on Root Stores.
Gerv