Confirmed users, Administrators
5,526
edits
CA:CertificatePolicyV2.3: Difference between revisions
m
Salesforce additional item re ongoing data maintenance
m (S/MIME audit requirements) |
m (Salesforce additional item re ongoing data maintenance) |
||
| Line 86: | Line 86: | ||
** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ||
** The [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce wiki page]] further explains when intermediate certs do not need to be disclosed, such as expired intermediate certificates. Consider adding some of those clarifications directly to the policy. | ** The [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce wiki page]] further explains when intermediate certs do not need to be disclosed, such as expired intermediate certificates. Consider adding some of those clarifications directly to the policy. | ||
** Make it clear that [[CA:SalesforceCommunity#CA_Responsibilities|CAs must keep disclosing intermediates]] to Salesforce on an ongoing basis | |||
* (D19) Add statement of purpose as described in the [https://groups.google.com/d/msg/mozilla.dev.security.policy/SzSGHbrcBe0/hSGt50rJfYMJ policy framework discussion.] | * (D19) Add statement of purpose as described in the [https://groups.google.com/d/msg/mozilla.dev.security.policy/SzSGHbrcBe0/hSGt50rJfYMJ policy framework discussion.] | ||
* (D22) Make it clear in the [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html Enforcement Policy] that disablement or removal of a root certificate may be scheduled for a future date, in order to allow for customers to transition off of the hierarchy to be distrusted. | * (D22) Make it clear in the [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html Enforcement Policy] that disablement or removal of a root certificate may be scheduled for a future date, in order to allow for customers to transition off of the hierarchy to be distrusted. | ||