CA/Compliance Self-Assessment: Difference between revisions

From MozillaWiki
m (clarification)
m (clarification)
Line 7: Line 7:
In the past Mozilla relied on community members to do a [[CA:Recommended_Practices#CP.2FCPS_Documents_will_be_Reviewed.21|side-by-side comparison]] of the CA's CP/CPS documents to the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements]. This is a very time-consuming task that was made even more difficult by varying degrees in quality of CA CP/CPS documents and their adherence to the BRs, translation issues, versioning issues, difficulty finding which documents to review, etc. This caused the [[CA:Schedule#Queue_for_Public_Discussion|Public Discussion]] of root inclusion/update requests to grind to a halt.  
In the past Mozilla relied on community members to do a [[CA:Recommended_Practices#CP.2FCPS_Documents_will_be_Reviewed.21|side-by-side comparison]] of the CA's CP/CPS documents to the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forum's Baseline Requirements]. This is a very time-consuming task that was made even more difficult by varying degrees in quality of CA CP/CPS documents and their adherence to the BRs, translation issues, versioning issues, difficulty finding which documents to review, etc. This caused the [[CA:Schedule#Queue_for_Public_Discussion|Public Discussion]] of root inclusion/update requests to grind to a halt.  


Therefore, Mozilla is going to require CAs to perform their own side-by-side comparison of their CP/CPS documents to the BRs, and attach their findings to their Bugzilla Bug before their discussion will be started. A template for this self-assessment is provided at the link above. During the public discussion in the [https://groups.google.com/forum/#!forum/mozilla.dev.security.policy mozilla.dev.security.policy] forum, members of the community will use the CA's self-assessment document to perform their own review, confirm the CA's self-assessment, ask questions, raise concerns, etc.
Therefore, Mozilla is going to require CAs to perform their own side-by-side comparison of their CP/CPS documents to the BRs, and attach their findings to their Bugzilla Bug before their discussion will be started. A template for this self-assessment is provided at the link above. During the public discussion in the [https://groups.google.com/forum/#!forum/mozilla.dev.security.policy mozilla.dev.security.policy] forum, members of the community will use the CA's self-assessment document to perform their own review, confirm the accuracy of the CA's self-assessment, ask questions, raise concerns, etc.
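Review bot: The sentence "A template for this self-assessment is provided at the link above" in this paragraph still depends on a link that is outside the paragraph, so the requirement cannot be followed from this text alone; consider linking the template inline here. The wording change to "confirm the accuracy of the CA's self-assessment" reads clearly. The paragraph also says Mozilla "is going to require" the self-assessment without saying when the requirement takes effect, which is worth stating since it must be attached to the Bugzilla Bug before discussion starts.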

Revision as of 20:54, 24 March 2017

DRAFT
The content of this page is a work in progress intended for review.

Please help improve the draft!

Ask questions or make suggestions in the discussion
or add your suggestions directly to this page.

BR Self Assessment

Mozilla's root inclusion/update process has a Public Discussion phase in which members of the community thoroughly review and discuss each CA's request.

In the past Mozilla relied on community members to do a side-by-side comparison of the CA's CP/CPS documents to the CA/Browser Forum's Baseline Requirements. This is a very time-consuming task that was made even more difficult by varying degrees in quality of CA CP/CPS documents and their adherence to the BRs, translation issues, versioning issues, difficulty finding which documents to review, etc. This caused the Public Discussion of root inclusion/update requests to grind to a halt.

Therefore, Mozilla is going to require CAs to perform their own side-by-side comparison of their CP/CPS documents to the BRs, and attach their findings to their Bugzilla Bug before their discussion will be started. A template for this self-assessment is provided at the link above. During the public discussion in the mozilla.dev.security.policy forum, members of the community will use the CA's self-assessment document to perform their own review, confirm the accuracy of the CA's self-assessment, ask questions, raise concerns, etc.