Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA: Difference between revisions
Further tidying up
(General cleanup) |
(Further tidying up) |
||
| Line 1: | Line 1: | ||
__NOTOC__ | |||
= Mozilla's CA Certificate Program = | |||
Mozilla’s CA Certificate Program governs inclusion of root [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates certificates] in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. | Mozilla’s CA Certificate Program governs inclusion of root [https://developer.mozilla.org/en-US/docs/Mozilla/Security/x509_Certificates certificates] in [https://developer.mozilla.org/en-US/docs/NSS Network Security Services (NSS),] a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of products. | ||
| Line 13: | Line 14: | ||
* [[CA:RootTransferPolicy|Root Transfer Policy]]: Mozilla's expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location. | * [[CA:RootTransferPolicy|Root Transfer Policy]]: Mozilla's expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location. | ||
== Lists of | == Lists of Certificates == | ||
* [[CA:IncludedCAs|Included CA Certificates]] | * [[CA:IncludedCAs|Included CA Certificates]] | ||
* [[CA:RemovedCAcerts|Removed CA Certificates]] | * [[CA:RemovedCAcerts|Removed CA Certificates]] | ||
* [[CA:PendingCAs|Pending CA Certificates]] or certificate trust bit/EV status changes | * [[CA:PendingCAs|Pending CA Certificates]] or certificate trust bit/EV status changes | ||
* [[CA/Dashboard|CA Request Dashboard]] - tracks applications through the process | * [[CA/Dashboard|CA Request Dashboard]] - tracks applications and trust changes through the process | ||
* [[NSS:Release_Versions | NSS:Release_Versions]] shows which product versions a particular root inclusion request was first available in | * [[NSS:Release_Versions | NSS:Release_Versions]] shows which product versions a particular root inclusion request was first available in | ||
* [[CA:SubordinateCAcerts|Public Intermediate Certificates]] | * [[CA:SubordinateCAcerts|Public Intermediate Certificates]] | ||
* [[CA:RevokedSubCAcerts|Revoked Intermediate Certificates]] | * [[CA:RevokedSubCAcerts|Revoked Intermediate Certificates]] | ||
== Program Administration == | |||
Most information relating to the administration of our program is stored either in [https://bugzilla.mozilla.org/ Bugzilla] or in the [[CA:CommonCADatabase|Common CA Database]]. | |||
* [[CA/ca-bugs|Lists of Mis-issuance Incident and Compliance Bugs]] | |||
* [[CA_Bug_Triage|How we mark Bugzilla bugs related to the CA Certificate program]] | |||
== Information for CAs == | |||
* [[CA|Application Process Overview]] | |||
* [[CA:How_to_apply|How To Apply]] | |||
* [[CA:Root_Change_Process|Making Changes to Included Roots]] | |||
* [[CA:Recommended_Practices|Recommended CA practices]] | |||
* [[CA:Problematic_Practices|Potentially problematic CA practices]] | |||
* [[CA:BRs-Self-Assessment|How to do a self-assessment against the Baseline Requirements (BRs)]] | |||
== Discussion Forums == | |||
The following Mozilla public forums are relevant to CA evaluation and related issues. Each forum can be accessed either as a mailing list, over the web or as a newsgroup. | |||
* [https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy] (MDSP). This forum is used for discussions of Mozilla policies related to security in general and CAs in particular, and for wider discussions about the WebPKI. Among other things, it is the preferred forum for the public comment phase of CA evaluation. If you are a regular participant in MDSP, then please add your name to the [[CA:Policy_Participants|Policy Participants]] page. | |||
* [https://www.mozilla.org/en-US/about/forums/#dev-tech-crypto mozilla.dev.tech.crypto]. This forum is used for discussions of the [http://www.mozilla.org/projects/security/pki/nss/ NSS] cryptographic library used in Firefox and other Mozilla-based products, as well as the [http://www.mozilla.org/projects/security/pki/psm/ PSM] module that implements higher-level security protocols for Firefox. | |||
* [https://www.mozilla.org/en-US/about/forums/#dev-security mozilla.dev.security]. This forum is used for discussions of Mozilla security issues in general. | |||
== Common CA Database (aka CA Community in Salesforce) == | == Common CA Database (aka CA Community in Salesforce) == | ||
| Line 32: | Line 58: | ||
** A '''Root Store Member''' is any root store operator participating in the Common CA Database who has signed Mozilla's Common CA Database Agreement. | ** A '''Root Store Member''' is any root store operator participating in the Common CA Database who has signed Mozilla's Common CA Database Agreement. | ||
* Note: "Common CA Database" is the new name for "CA Community in Salesforce". | * Note: "Common CA Database" is the new name for "CA Community in Salesforce". | ||
== Override Default Root Certificate Settings == | == Override Default Root Certificate Settings == | ||
| Line 65: | Line 84: | ||
** [[CA:Terminology | High Level Terminology]] | ** [[CA:Terminology | High Level Terminology]] | ||
* [[CA:Certificate Download Specification|Certificate download specification]]. This document describes the data formats used by Mozilla products for installing certificates. | * [[CA:Certificate Download Specification|Certificate download specification]]. This document describes the data formats used by Mozilla products for installing certificates. | ||
== Work in Progress == | == Work in Progress == | ||
* [[CA:BRs-Self-Assessment | CA Self-Assessment of BRs]] | * [[CA:BRs-Self-Assessment | CA Self-Assessment of BRs]] | ||
* [[CA:ImprovingRevocation | Plan for Improving Revocation Checking in Firefox]] | * [[CA:ImprovingRevocation | Plan for Improving Revocation Checking in Firefox]] | ||
== Templates == | == Templates == | ||
* [[CA:Email_templates|Email Templates used by CCADB]] | * [[CA:Email_templates|Email Templates used by CCADB]] | ||