CA:ImprovingRevocation: Difference between revisions

* Policy Change: Will need to discuss.
** Look into using the notification policy expressed in NIST IR 7924, Section 5.7, minus the private key compromise case.
 
'''When''' to notify Mozilla: CAs must notify Mozilla of end-entity revocations when an end-entity certificate is revoked due to a technical issue that enabled the certificate to be inappropriately used, such as:
* Wrong Key Usage
* Certificate issued for a domain to somebody who doesn't own or control that domain
 
'''Time Frame''' for Notification: within 24 hours of revocation of such a certificate
 
'''How''' to notify Mozilla of a revocation:
* If the revocation is due to a security concern, or is the revocation of a website certificate that was not prompted by the certificate owner, send email to security@mozilla.org.
* To notify us of a certificate revocation, submit a bug report in the mozilla.org Bugzilla system, filed against the "CA Certificates" component of the "NSS" product. Whenever possible, the CA should send us the revoked certificate itself, along with the RFC 5280 revocation reason code.


* Process Change: To be determined.


=== ''Change Name'' ===