CA:Schedule: Difference between revisions

Schedule for CA evaluations

Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.

General timeline

Our process for evaluating CA requests is as follows:

1. We assign CAs into different groups according to the general priority of processing their requests, and then assign each CA a specific target date for beginning public discussion of their request(s).
2. Prior to the target date for a CA we gather any needed information from the CA; if for some reason we cannot obtain the needed information then we will postpone consideration of the CA and schedule some other CA for that target date.
3. Once a CA enters the public discussion period we allow one week for public comment on the CA's request, after which we will make a preliminary determination as to whether the request should be approved or not.
4. If a request receives preliminary approval then we have a second one-week comment period prior to final approval.
5. If a request receives final approval then we will file bugs against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
6. If a request does not receive preliminary or final approval then it will be put back in the queue and reassigned a new target date.

Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.)

Priority groups

CAs are assigned priorities based on the following factors, among others:

• length of time the CA has been in the queue
• whether information gathering for the CA has been completed
• whether the request is for EV status
• market share of the CA
• size and importance of the CA's geographic market

To be written.

Target schedule

The current schedule is predicated on our starting public discussion on one new CA each week.

409235 Verisign's G4 ECC root certificate 409236 GeoTrust's ECC root 409237 Thawte root CA certificate 409837 Trustwave "SecureTrust CA" EV root 409838 Trustwave "Secure Global CA" EV root 409840 Trustwave "XGCA" root for EV 412747 VAS "Latvijas Pasts" CA root cert 414520 Sertifitseerimiskeskus AS root CA certificate 416544 Entrust roots for EV 420705 Comsign 420760 Verisign, GeoTrust and thawte || n/a || EV, no longer needed? 421946 COMODO ECC, EV 428390 EV SSL: Request addition of the WellsSecure Public Root Certificate Authority 430694 GTE CyberTrust Global Root for EV Extended Validation SSL 430698 Baltimore CyberTrust Root for EV Extended Validation SSL 430700 Cybertrust Global Root, plus enable EV SSL support 433845 TÜRKTRUST 435026 enh -- All hecker@hecker.org NEW Add Swiss BIT Root certificate 435736 enh -- All hecker@hecker.org ASSI Add Spanish FNMT root certificate 436056 enh -- All hecker@hecker.org ASSI Add second Staat der Nederlanden root certificate 436467 enh -- All kathleen95014@yahoo.com ASSI add new TC TrustCenter EV root certificate 438825 enh -- All kathleen95014@yahoo.com NEW Add CA Root certificate (Brazil's National PKI) 443653 enh -- All hecker@hecker.org ASSI Add Root (EBG Informatic Technologies and Services Corp. (E-Tugra)) 448794 enh -- All kathleen95014@yahoo.com NEW Add Chunghwa Telecom eCA root certificate 451298 enh -- All hecker@hecker.org NEW Enable EV and code signing for StartCom Root 453460 nor -- All hecker@hecker.org UNCO Add "SwissSign Gold CA - G2" as EV Root Certificate 453887 [SEC] nor -- Mac hecker@hecker.org NEW check for out-of-business CA's that we still might be shipping 455878 enh -- All hecker@hecker.org UNCO Add CA Disig root certificate into browser