|
|
| Line 17: |
Line 17: |
| === Previous Versions of the Policy === | | === Previous Versions of the Policy === |
|
| |
|
| * [[CA:Policy|Changes to Mozilla's CA Certificate Policy]] -- How to view changes to the policy
| | ====2.2==== |
| * [[CA:Policy#Snapshots_of_Previous_Versions_of_the_Policy | Snapshots of Previous Versions of the Policy]]
| |
|
| |
|
| [[CA:CertificatePolicyV2.0 | Version 2.0 of the Mozilla CA Certificate Policy]] was published on February 2, 2011. The changes are described in {{Bug|609945}}. For the list of items that were considered in this update [[CA:PolicyVersion2.0 | click here.]] | | * [https://github.com/mozilla/pkipolicy/blob/2.2/rootstore/policy.md Policy document] |
| | * Publication date: July 26, 2013 |
| | * Compliance date: July 26, 2013 ([[CA:CertificatePolicyV2.2#Time_Frames_for_included_CAs_to_comply_with_version_2.2_of_the_policy|more specific details]]) |
| | * List of changes: {{Bug|868144}} |
|
| |
|
| The Policy has been divided into three sections:
| | ====2.1==== |
| # Applying for Inclusion of Root Certificates in Mozilla Products
| |
| #* This is mostly the original policy, so diff information between this section and version 1.2 of the policy was provided in [https://bugzilla.mozilla.org/show_bug.cgi?id=609945#c4 bug #609945.]
| |
| # Maintaining Confidence in Included Root Certificates
| |
| #*This section is completely new.
| |
| # Enforcing the Mozilla CA Certificate Policy
| |
| #* This section is completely new.
| |
|
| |
|
| [http://www.mozilla.org/projects/security/certs/policy/ Version 2.1 of the Mozilla CA Certificate Policy] was published on February 14, 2013. The changes are described in {{Bug|763758}}. For the list of items that were considered in this update [[CA:PolicyVersion2.1 | click here.]] | | * [[CA:CertPolicyV2.1|Policy document]] |
| | * Publication date: February 14, 2013 |
| | * Compliance date: February 14, 2014 ([[CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy|more specific details]]) |
| | * Items considered: [[CA:PolicyVersion2.1]] |
| | * List of changes: {{Bug|763758}} |
|
| |
|
| === Transitioning to the Updated Policy Version 2.0=== | | ====2.0==== |
|
| |
|
| [[CA:CertificatePolicyV2.0 | Version 2.0 of the Mozilla CA Certificate Policy]] was published on February 2, 2011. | | * [[CA:CertificatePolicyV2.0|Policy document]] |
| * All CAs with root certificates in Mozilla products shall be in full compliance with [[CA:CertificatePolicyV2.0 | Version 2.0 of the Mozilla CA Certificate Policy]] no later than August 8, 2011. | | * Publication date: February 2, 2011 |
| * Certificates issued before August 8, 2011, must at least meet the requirements of [[CA:CertificatePolicyV1.2 | Version 1.2 of the Mozilla CA Certificate Policy.]]
| | * Compliance date: August 8, 2011 (Feb 2, 2011 for new root inclusions) |
| * Any certificate authority requesting a root inclusion/update after February 2, 2011 must comply with [[CA:CertificatePolicyV2.0 | Version 2.0 of the Mozilla CA Certificate Policy.]] | | * Items considered: [[CA:PolicyVersion2.0]] |
| * CAs should comply with the latest published policy when they do their annual audit, and this should be checked by a Mozilla representative when their annual audit report becomes available. | | * List of changes: {{Bug|609945}} |
|
| |
|
| '''Note:''' I have been informed by some CAs that more time is needed to replace certain certificates that have been issued to customers, or to allow customers time to implement the necessary infrastructure changes to support the new certs. I will be separately tracking the exceptions that I have been informed of, and have agreed to (e.g. there are valid reasons for these exceptions).
| | ====Earlier==== |
|
| |
|
| === Transitioning to the Updated Policy Version 2.1===
| | * [[CA:CertificatePolicyV1.2|Version 1.2]] -- January 2008 |
| | | * [[CA:CertificatePolicyV1.1|Version 1.1]] -- November 2007 |
| [https://wiki.mozilla.org/CA:CertificatePolicyV2.1#Time_Frames_for_included_CAs_to_comply_with_the_new_policy Click here] to see the time frames for included CAs to comply with the changes in version 2.1 of Mozilla's CA Certificate Policy. | | * [[CA:CertificatePolicyV1.0|Version 1.0]] -- November 2005 |
| | | * [[CA:CertificatePolicyV0.4|Version 0.4]] -- March 2004 |
| === Transitioning to the Updated Policy Version 2.2===
| |
| | |
| [https://wiki.mozilla.org/CA:CertificatePolicyV2.2 Click here] to see the time frames for included CAs to comply with the changes in version 2.2 of Mozilla's CA Certificate Policy. | |
|
| |
|
| === Consider for Version 2.3 === | | === Consider for Version 2.3 === |