Confirmed users, Administrators
5,526
edits
CA:CertificatePolicyV2.3: Difference between revisions
m
Clarification about technically constrained intermediate certs
m (clarification) |
m (Clarification about technically constrained intermediate certs) |
||
| Line 83: | Line 83: | ||
* Add text clarifying that non-technically-constrained intermediate certs have to be entered into the [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce]]. And clarify when they have to be entered in regards to when such intermediate certs are created. | * Add text clarifying that non-technically-constrained intermediate certs have to be entered into the [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce]]. And clarify when they have to be entered in regards to when such intermediate certs are created. | ||
** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ||
** The [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce wiki page]] further explains when intermediate certs do not need to be disclosed, such as expired intermediate certificates. Consider adding some of those clarifications directly to the policy. | |||
* (D19) Add statement of purpose as described in the [https://groups.google.com/d/msg/mozilla.dev.security.policy/SzSGHbrcBe0/hSGt50rJfYMJ policy framework discussion.] | * (D19) Add statement of purpose as described in the [https://groups.google.com/d/msg/mozilla.dev.security.policy/SzSGHbrcBe0/hSGt50rJfYMJ policy framework discussion.] | ||
* (D22) Make it clear in the [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html Enforcement Policy] that disablement or removal of a root certificate may be scheduled for a future date, in order to allow for customers to transition off of the hierarchy to be distrusted. | * (D22) Make it clear in the [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html Enforcement Policy] that disablement or removal of a root certificate may be scheduled for a future date, in order to allow for customers to transition off of the hierarchy to be distrusted. | ||