CA/Required or Recommended Practices: Difference between revisions

→‎Baseline Requirements: Update BR references
m (changed the new links to point to the bugzilla bugs)
(→‎Baseline Requirements: Update BR references)
Line 124: Line 124:
* BR subsections 3.2.2.4.1 and 3.2.2.4.5 were banned effective 1-August-2018.
* BR subsections 3.2.2.4.1 and 3.2.2.4.5 were banned effective 1-August-2018.
** "CAs must stop using domain validation methods BR 3.2.2.4.1 and 3.2.2.4.5, stop reusing validation data from those methods"
** "CAs must stop using domain validation methods BR 3.2.2.4.1 and 3.2.2.4.5, stop reusing validation data from those methods"
* BR subsections 3.2.2.4.9 and 3.2.2.4.10 contain major vulnerabilities. If the CA uses these methods, then the CA should describe how they are mitigating those vulnerabilities. If not using those methods, the CPS should say so.
* BR subsection 3.2.2.9 was banned by ballot SC15, effective 16-March 2019
* BR section 3.2.2.5(4) includes "any other method". Saying the CA follows BR section 3.2.2.5 does not meet [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's disclosure requirements for this method]. The CPS must describe if/how "any other method" is implemented.
* BR subsection 3.2.2.4.10 contains major vulnerabilitie. If the CA uses this method, then the CA should describe how they are mitigating those vulnerabilities. If not using this method, the CPS should say so.
* BR subsection 3.2.2.5(4) "any other method" is not permitted in conjunction with 3.2.2.4.8 per [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's Root Store Policy]. The CPS should be clear that they do not do that.
* BR section 3.2.2.5(4) was updated by ballot SC7 to remove "any other method", effective 1-August 2019. Prior to that date:
** Saying the CA follows BR section 3.2.2.5 does not meet [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's disclosure requirements for this method]. The CPS must describe if/how "any other method" is implemented.
** BR subsection 3.2.2.5(4) "any other method" is not permitted in conjunction with 3.2.2.4.8 per [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's Root Store Policy]. The CPS should be clear that they do not do that.


===== WHOIS =====
===== WHOIS =====
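Review bot: the bullet "BR subsection 3.2.2.9 was banned by ballot SC15, effective 16-March 2019" appears to drop a level from the subsection number. The bullets around it refer to 3.2.2.4.9 and 3.2.2.4.10, so this should presumably read 3.2.2.4.9; as written it points readers at a different part of the BRs. In the 3.2.2.4.10 bullet, "vulnerabilitie" is missing its final "s". The dates "16-March 2019" and "1-August 2019" should also follow the "1-August-2018" form used in the first bullet. Finally, the two sub-bullets under "Prior to that date:" are still in the present tense ("does not meet", "is not permitted"); consider rewording them so it is clear whether they still apply to a CPS reviewed after 1-August 2019.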