CA/Subordinate CA Checklist: Difference between revisions

CA/Subordinate CA Checklist (view source)

58 bytes added , 12 December 2008

Confirmed users, Administrators

5,526

edits

@@ Line 6: / Line 6: @@
 # The CP/CPS that the sub-CAs are required to follow.
 # Requirements (technical and contractual) for sub-CAs in regards to whether or not sub-CAs are constrained to issue certificates only within certain domains, and whether or not sub-CAs can create their own subordinates.
-# Requirements for sub-CAs to take reasonable measures to verify the ownership of the domain name and email address for end-entity certificates chaining up to the root, as per section 7 of our [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA certificate policy.]
+# Requirements (typically in the CP or CPS) for sub-CAs to take reasonable measures to verify the ownership of the domain name and email address for end-entity certificates chaining up to the root, as per section 7 of our [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA certificate policy.]
 #* domain ownership/control
 #* email address ownership/control
 #* digitally signing code objects -- entity submitting the certificate signing request is the same entity referenced in the certificate
-# Description of audit requirements for sub-CAs
+# Description of audit requirements for sub-CAs (typically in the CP or CPS)
 #*Whether or not the root CA audit includes the sub-CAs.
 #*Who can perform the audits for sub-CAs.