MozillaWiki

CA:DraftPage: Difference between revisions

Page Discussion

CA:DraftPage (view source)

Revision as of 17:51, 25 September 2018

14,006 bytes removed ,  25 September 2018
Delete
(Delete)
 
Line 1: Line 1:
DRAFT
== Schedule for CA evaluations ==


''Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.''
=== General timeline ===
Our process for evaluating CA requests is as follows:
# We assign CAs into different groups according to the general priority of processing their requests, and then assign each CA a specific target date for beginning public discussion of their request(s).
# Prior to the target date for a CA we gather any needed information from the CA; if for some reason we cannot obtain the needed information then we will postpone consideration of the CA and schedule some other CA for that target date.
# Once a CA enters the public discussion period we allow one week for public comment on the CA's request, after which we will make a decision as to whether to approve the request.
# If a request is approved then we will file bugs against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
# If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will be put back in the queue and reassigned a new target date for public discussion once the issues have been resolved.
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) In general it may take 2-3 months or even longer for changes to go into a shipping version of Firefox (typically into a security update release). For products like Firefox that have automated update mechanisms, once a new release is distributed via automated update the vast majority of users will receive the update (including any CA-related changes) within 2-3 weeks.
=== Priority groups ===
CAs are assigned priorities based on the following factors, among others:
* length of time the CA has been in the queue
* whether information gathering for the CA has been completed
* whether the request is for EV status or not
* market share of the CA
* size and importance of the CA's geographic market
* for government CAs, whether the government is national or regional
The following CAs will likely have higher priority in the schedule; note that the CAs are listed in alphabetical order:
* Chunghwa Telecom eCA (much older request than bug number indicates)
* DCSSI (national CA)
* FNMT (national CA)
* ICP-Brasil (national CA)
* KISA (national CA)
* SECOM Trust (important commercial CA in its region)
* T-Systems (already in process, need to re-start public discussion)
The following CA requests will likely have lower priority in the schedule; again these are listed in alphabetical order:
* ACCV (regional government CA)
* CATCert (regional government CA)
* Comodo (401587) (EV request for legacy roots, not clear if this is actually needed)
* Izenpe (regional government CA)
* Trustis (waiting on ETSI audit)
* VeriSign/GeoTrust/thawte (420760) (EV request for legacy roots, not clear if this is actually needed)
=== Queue for Public Discussion ===
The following queue indicates the order in which requests will enter public discussion. The goal is to start one public discussion per week. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status. However, further information may still be needed before the public discussion can begin, such as an updated audit. If a particular request isn't quite ready when it is their turn, the next request in the queue will take it's place.
{|
|-
! CA || Bug ID || Geographic focus || Audit Date || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SECOM%20Trust SECOM Trust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=394419 394419] || Japan || 10/31/2008 || Ready for Second Public Discussion || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Microsec Microsec Ltd] || [http://bugzilla.mozilla.org/show_bug.cgi?id=370505 370505] || Hungary || 8/19/2008 || Ready for Second Public Discussion || OCSP issues resolved, request for CPS in English
|-
| [http://www.mozilla.org/projects/security/certs/pending/#S-TRUST S-TRUST] || [http://bugzilla.mozilla.org/show_bug.cgi?id=370627 370627] || Germany || 5/2/2008 || In Public Discussion || Issue with new root every year
|-
| [http://www.mozilla.org/projects/security/certs/pending/#KISA KISA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=335197 335197] || Korea || Need  || Responding to First Public Discussion || need to complete sub-CA review
|-
| [http://www.mozilla.org/projects/security/certs/pending/#T-Systems T-Systems] || [http://bugzilla.mozilla.org/show_bug.cgi?id=378882 378882] || Germany || 12/3/2007 || Responding to First Public Discussion || need to complete sub-CA review
|-
| [http://www.mozilla.org/projects/security/certs/pending/#DCSSI DCSSI] || [http://bugzilla.mozilla.org/show_bug.cgi?id=368970 368970] || France || 11/20/2008 || In Queue || national government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Certigna%20of%20Dhimyotis Certigna] || [http://bugzilla.mozilla.org/show_bug.cgi?id=393166 393166] || Europe || 8/20/2008 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Hongkong%20Post Hongkong Post] || [http://bugzilla.mozilla.org/show_bug.cgi?id=408949 408949] || China || 3/10/2008 || In Queue || national government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ComSign Comsign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=420705 420705] || Israel || 11/9/2008 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#TC%20TrustCenter TC TrustCenter] || [http://bugzilla.mozilla.org/show_bug.cgi?id=392024 392024] || Germany || 8/3/2007 || In Queue || Class 1, 2, and 3
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Certicamara%20S.A. Certicámara SA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=401262 401262] || Spain || 3/31/2008 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SSC SSC, Lithuanian National Root] || [http://bugzilla.mozilla.org/show_bug.cgi?id=379152 379152] || Lithuania || 2006 || In Queue || national government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Kamu%20SM Kamu Sertifikasyon Merkezi] || [http://bugzilla.mozilla.org/show_bug.cgi?id=381974 381974] || Turkey || 6/18/2007 || In Queue || national government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Sertifitseerimiskeskus%20AS Sertifitseerimiskeskus AS] || [http://bugzilla.mozilla.org/show_bug.cgi?id=414520 414520] || Baltic region || 10/31/2007 || In Queue || CRL has critical CIDP
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Verizon%20/%20Cybertrust Verizon/Cybertrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=430700 430700] || global || 7/28/2008 || In Queue || EV, has resellers
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Verizon%20/%20Cybertrust Verizon/CyberTrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=430694 430694] || global ||  7/28/2008 || In Queue || EV, has resellers
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Verizon%20/%20Cybertrust Verizon/CyberTrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=430698 430698] || global || 7/28/2008 || In Queue || EV, has resellers
|-
| [http://www.mozilla.org/projects/security/certs/pending/#E-TUGRA E-Tugra] || [http://bugzilla.mozilla.org/show_bug.cgi?id=443653 443653] || Turkey || 5/16/2007 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SwissSign SwissSign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=453460 453460] || Switzerland || 11/3/2008 || In Queue || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Disig Disig] || [http://bugzilla.mozilla.org/show_bug.cgi?id=455878 455878] || Slovakia || 5/31/2008 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#VeriSign Verisign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=409235 409235] || global || 1/31/2008 || In Queue || ECC
|-
| [http://www.mozilla.org/projects/security/certs/pending/#GeoTrust GeoTrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=409236 409236] || global || 1/31/2008 || In Queue || ECC
|-
| [http://www.mozilla.org/projects/security/certs/pending/#thawte thawte] || [http://bugzilla.mozilla.org/show_bug.cgi?id=409237 409237] || global || 1/31/2008 || In Queue || ECC
|}
=== Requests in the Information Gathering and Verification Phase ===
The following CAs are in the Information Gathering and Verification Phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.] These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.
{|
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#ACCV ACCV] || [http://bugzilla.mozilla.org/show_bug.cgi?id=274100 274100] || Spain || regional government CA
|-
| || CATCert || [http://bugzilla.mozilla.org/show_bug.cgi?id=295474 295474] || Spain || regional government CA, add to pending list
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Trustis Trustis] || [http://bugzilla.mozilla.org/show_bug.cgi?id=324126 324126] || Europe || awaiting ETSI audit
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#ARGE%20DATEN ARGE DATEN] || [http://bugzilla.mozilla.org/show_bug.cgi?id=348987 348987] || Austria ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Izenpe Izenpe] || [http://bugzilla.mozilla.org/show_bug.cgi?id=361957 361957] || Spain || EV, regional government CA
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#DigiNotar DigiNotar] || [http://bugzilla.mozilla.org/show_bug.cgi?id=369357 369357] || Netherlands || EV
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Comodo Comodo] || [http://bugzilla.mozilla.org/show_bug.cgi?id=401587 401587] || global || EV, not needed for legacy roots?
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#VeriSign VeriSign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=402947 402947] || global || additional trust flags
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Camerfirma Camerifirma] || [http://bugzilla.mozilla.org/show_bug.cgi?id=406968 406968] || Spain ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#thawte thawte] || [http://bugzilla.mozilla.org/show_bug.cgi?id=407163 407163] || global || additional trust flags
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#GeoTrust GeoTrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=407168 407168] || global || additional trust flags
|-
||| [http://www.mozilla.org/projects/security/certs/pending/#VAS%20Latvijas%20Pasts VAS "Latvijas Pasts"] || [http://bugzilla.mozilla.org/show_bug.cgi?id=412747 412747] || Latvia ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Entrust Entrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=416544 416544] || global || EV
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#VeriSign VeriSign], [http://www.mozilla.org/projects/security/certs/pending/#GeoTrust GeoTrust] and [http://www.mozilla.org/projects/security/certs/pending/#thawte thawte] || [http://bugzilla.mozilla.org/show_bug.cgi?id=420760 420760] || global || EV, no longer needed?
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#TURKTRUST TÜRKTRUST] || [http://bugzilla.mozilla.org/show_bug.cgi?id=433845 433845] || Turkey ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Swiss%20BIT Swiss BIT] || [http://bugzilla.mozilla.org/show_bug.cgi?id=435026 435026] || Switzerland ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#FNMT FNMT]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=435736 435736] || Spain || national government CA
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Staat%20der%20Nederlanden Staat der Nederlanden] || [http://bugzilla.mozilla.org/show_bug.cgi?id=436056 436056] || Netherlands || national government CA
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#TC%20TrustCenter TC TrustCenter] || [http://bugzilla.mozilla.org/show_bug.cgi?id=436467 436467] || Germany || EV
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#ICP-Brasil ICP-Brasil] || [http://bugzilla.mozilla.org/show_bug.cgi?id=438825 438825] || Brazil || national government CA
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Chunghwa%20Telecom Chunghwa Telecom eCA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=448794 448794] || Taiwan ||
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#StartCom StartCom] || [http://bugzilla.mozilla.org/show_bug.cgi?id=451298 451298] || Israel || add code signing and EV
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Serasa%20S.A. Serasa S.A.] || [http://bugzilla.mozilla.org/show_bug.cgi?id=457921 457921] || Brazil||
|-
| || Finnish Population Register || [http://bugzilla.mozilla.org/show_bug.cgi?id=463989 463989] || Finland||add to pending list
|-
| || D-TRUST || [http://bugzilla.mozilla.org/show_bug.cgi?id=467891 467891] || || add to pending list
|-
| || Certsign || [http://bugzilla.mozilla.org/show_bug.cgi?id=470756 470756] || || add to pending list
|-
| || ACEDICOM || [http://bugzilla.mozilla.org/show_bug.cgi?id=471045 471045] || || add to pending list
|-
| || [http://www.mozilla.org/projects/security/certs/pending/#Japanese%20GPKI Japan GPKI] || [http://bugzilla.mozilla.org/show_bug.cgi?id=474706 474706] || Japan || national government CA
|-
|}
Wthayer
136

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1201551"