CA:Schedule: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Turn into a redirect)
 
(647 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Schedule for CA evaluations =
#REDIRECT [[CA/Dashboard]]
 
''Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.''
 
== General timeline ==
 
Our process for evaluating CA requests is as follows:
# CAs will be added into the queue for public discussion after they have completed the Information Gathering and Verification phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.]
# Prior to entering public discussion we may need to gather further information or an updated audit from the CA; if for some reason we cannot obtain the needed information then the next CA in the queue will be considered for public discussion.
# Once a CA enters the public discussion period a representative of the CA must promptly respond in the discussion to any questions or concerns that are raised. If a CA delays their response for more than one week, then their discussion may be closed.
# During the course of the discussion, we will make a decision as to whether to approve the request.
# If the discussion results in moving forward with approval, then a representative of Mozilla will summarize the request in the bug, and indicate the plan to approve the request. After about one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request. Once a request is approved then a representative of Mozilla will file bug(s) against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
# If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will wither be closed, or will be added to the [[CA:Schedule#CAs_Responding_to_First_Discussion | list of CAs responding to the first discussion.]] A second round of public discussion may be needed after the issues have been resolved.
 
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) Root certificate changes to NSS/PSM are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the developer makes the changes, a test build will be provided and the bug will be updated to request that you test it. After the NSS/PSM changes are committed to an NSS release, then a future version of Firefox will include the updated version of NSS/PSM.
 
== Queue for Public Discussion==
 
The following queue indicates the order in which requests will enter [https://wiki.mozilla.org/CA:How_to_apply#Public_discussion public discussion] for root inclusion request from CAs who do not
currently have a root certificate included in NSS. In general, only one or two of these requests may be in discussion at any given point. The amount of time that each discussion takes varies dramatically depending
on the number of reviewers contributing to the discussion, and the types of concerns that are raised. For each discussion, there must be input from at least two people who have reviewed and commented on the request.
To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#US%20FPKI US FPKI]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=478418 478418] || US || 2012.02.28 || First Discussion started on July 27 || national government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#PROCERT PROCERT]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=593805 593805] || Venezuela || 2011.07.29 || In Queue || Signed by SUSCERTE (bug #489240)
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SG%20Trust%20Services SG Trust Services] || [http://bugzilla.mozilla.org/show_bug.cgi?id=662259 662259] || France || 2011.05.11 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#D-TRUST D-TRUST] || [http://bugzilla.mozilla.org/show_bug.cgi?id=467891 467891] || Germany || 2011.03.18 || In Queue || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Atos Atos] || [http://bugzilla.mozilla.org/show_bug.cgi?id=711366 711366] || Europe || 2012.06.06 || In Queue ||
|-
|}
 
==== On Hold ====
The following requests reached the top of the queue, but then got put on hold until further information is supplied.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#FNMT FNMT]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=435736 435736] || Spain || 2010.08.27 || In Queue || national government CA
|-
| || ||  || ||  ||
|-
|}
 
=== Requests from Already Included CAs that are in Discussion ===
These requests are from CAs that already have roots included in NSS. The requests may be discussed in parallel; the goal is to start each discussion as soon as the information is ready. In general, these
requests will remain in discussion for 2 weeks unless further discussion is warranted. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Sertifitseerimiskeskus Sertifitseerimiskeskus] || [http://bugzilla.mozilla.org/show_bug.cgi?id=624356 624356] || Estonia || 2011.11.15 || First Discussion Started on April 5 ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#CNNIC CNNIC]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=607208 607208] || China || 2011.05.31 || First Discussion started on May 30  || EV
|-
|}
 
====Need to start discussions====
These requests need to be reviewed and have their discussion started as soon as possible, and then added to the list above.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ComSign ComSign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=675060 675060] || Israel || 2012.02.07 || In Queue ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ANSSI%20%28Government%20of%20France%29 ANSSI] || [http://bugzilla.mozilla.org/show_bug.cgi?id=693450 693450] || France || 2010.12.20 || In Queue || Government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Entrust Entrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=694536 694536] || Global || 2012.02.29 || In Queue || EV
|-
|}
 
== CAs Responding to First Discussion ==
 
The following list shows the CAs who have gone through the first round of public discussion, and have resulting action items to complete before the second round of public discussion may begin.
 
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#KISA KISA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=335197 335197] || Korea || Need Audit  || Responding to First Discussion || need to complete sub-CA review
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SSC SSC, Lithuanian National Root] || [http://bugzilla.mozilla.org/show_bug.cgi?id=379152 379152] || Lithuania || 2008.10.30 || Responding to First Discussion || national government CA, Update root roles, CPS, audit
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Verizon%20/%20Cybertrust Verizon/CyberTrust] || [http://bugzilla.mozilla.org/show_bug.cgi?id=430698 430698] || global || Need Audit || Responding to First Discussion || EV, no OCSP, has resellers
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Swiss%20BIT Swiss BIT]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=435026 435026] || Switzerland || Need Audit || Responding to First Discussion || Need new root with clear Issuer info, Update CPS
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ICP-Brasil ICP-Brasil] || [http://bugzilla.mozilla.org/show_bug.cgi?id=438825 438825] || Brazil || Need Audit || Responding to First Discussion || national government CA. Need independent audit for root and sub-CAs
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Finnish%20Population%20Register Finnish Population Register] || [http://bugzilla.mozilla.org/show_bug.cgi?id=463989 463989] || Finland || 2008.02.28 || Responding to First Discussion || national government CA. Need audit for SSL and code signing CPS
|-
| [http://www.mozilla.org/projects/security/certs/pending/#NIC NIC]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=511380 511380] || India ||  2010.02.22 || Responding to First Discussion || Signed by India CCA. Need to update CPS.
|-
| [http://www.mozilla.org/projects/security/certs/pending/#E-ME  E-ME] || [http://bugzilla.mozilla.org/show_bug.cgi?id=518098 518098] || Latvia || 2011.05.02 || Approval Pending Discussion Action Items || {{bug|518098#c95}}
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Scientific%20Trust Scientific Trust ] || [http://bugzilla.mozilla.org/show_bug.cgi?id=531237 531237] || Austria, Germany, Switzerland || 2009.06.30 || Responding to First Discussion|| Need updates to CP/CPS
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Symantec%20/%20VeriSign Symantec/VeriSign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=536318 536318] || Global || 2010.11.30 || Approval pending EV tests || enable EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Symantec%20/%20GeoTrust Symantec/GeoTrust]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=539255 539255] || Global || 2010.11.30 || Responding to First Discussion - SubCA Checklist || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Symantec%20/%20thawte Symantec/thawte] || [http://bugzilla.mozilla.org/show_bug.cgi?id=539257 539257] || Global || 2010.11.30 || Approval pending EV tests || enable EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SafeScrypt SafeScrypt]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=562763 562763] || India || 2011.06.30 || Need new discussion after CA responds, see bug || Signed by India CCA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SHECA SHECA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=566310 566310] || China || 2011.04.30 || Need new discussion after CA responds, see bug ||
|-
|}
 
== Requests in the Information Gathering and Verification Phase ==
 
The following CAs are in the Information Gathering and Verification Phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.] These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.
{|
|-
! CA Company Name || Bug ID Number || Geographic focus || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SUSCERTE SUSCERTE] || [http://bugzilla.mozilla.org/show_bug.cgi?id=489240 489240] ||  Venezuela || national government CA, sub-CAs will apply for inclusion
|-
| [http://www.mozilla.org/projects/security/certs/pending/#TeliaSonera TeliaSonera] || [http://bugzilla.mozilla.org/show_bug.cgi?id=539924 539924] || Nordic Countries ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#SITHS SITHS] || [http://bugzilla.mozilla.org/show_bug.cgi?id=544362 544362] || Sweden ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ANF ANF] || [http://bugzilla.mozilla.org/show_bug.cgi?id=555156 555156] || European Union ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#CCA CCA]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=557167 557167] || India ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#IDRBT IDRBT] || [http://bugzilla.mozilla.org/show_bug.cgi?id=562764 562764] || India || Signed by India CCA
|-
| TCS || [http://bugzilla.mozilla.org/show_bug.cgi?id=562766 562766] || India || Signed by India CCA, add to pending
|-
| MTNL || [http://bugzilla.mozilla.org/show_bug.cgi?id=562769 562769] || India || Signed by India CCA, add to pending
|-
| nCode || [http://bugzilla.mozilla.org/show_bug.cgi?id=562772 562772] || India || Signed by India CCA, add to pending
|-
| eMudhra || [http://bugzilla.mozilla.org/show_bug.cgi?id=562774 562774] || India || Signed by India CCA, add to pending
|-
| Collier || [http://bugzilla.mozilla.org/show_bug.cgi?id=590593 590593] || US || add to pending
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Comodo Comodo]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=606947 606947] || Global || EV
|-
| DigiCert || [http://bugzilla.mozilla.org/show_bug.cgi?id=617179 617179] || Global || EV, add to pending
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Netrust Netrust]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=632292 632292] || Singapore ||
|-
| Visa || [http://bugzilla.mozilla.org/show_bug.cgi?id=636557 636557] || Global ||
|-
| EADTrust || [http://bugzilla.mozilla.org/show_bug.cgi?id=640135 640135] || Spain || add to pending, Regional government CA
|-
| PostSignum || [http://bugzilla.mozilla.org/show_bug.cgi?id=643398 643398] || Czech Republic || National government CA
|-
| [http://www.mozilla.org/projects/security/certs/pending/#PSC-FII PSC-FII] || [http://bugzilla.mozilla.org/show_bug.cgi?id=667466 667466] || Venezuela || Signed by SUSCERTE (bug #489240)
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Digidentity Digidentity]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=693273 693273] || Netherlands ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#CATCert CATCert]|| [http://bugzilla.mozilla.org/show_bug.cgi?id=720326 720326] || Spain || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Swisscom Swisscom]|| [https://bugzilla.mozilla.org/show_bug.cgi?id=759732 759732] || Switzerland || EV
|-
|}
 
== Requests in the Inclusion Phase ==
 
The following CAs have been approved and are in the Inclusion Phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.]
 
{|
|-
! CA Company Name || Bug ID || Geographic focus || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#TURKTRUST TÜRKTRUST] || [http://bugzilla.mozilla.org/show_bug.cgi?id=433845 433845] || Turkey || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Actalis Actalis] || [http://bugzilla.mozilla.org/show_bug.cgi?id=520557 520557] || Italy ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Trustis Trustis] || [http://bugzilla.mozilla.org/show_bug.cgi?id=577665 577665] || UK ||
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Symantec%20/%20thawte Symantec/thawte] || [http://bugzilla.mozilla.org/show_bug.cgi?id=601950 601950] || Global || turn on Code Signing
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Symantec%20/%20VeriSign Symantec/VeriSign] || [http://bugzilla.mozilla.org/show_bug.cgi?id=602107 602107] || Global || turn on Code Signing and Email
|-
| [http://www.mozilla.org/projects/security/certs/pending/#StartCom StartCom] || [http://bugzilla.mozilla.org/show_bug.cgi?id=602750 602750] || Global || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#StartCom StartCom] || [http://bugzilla.mozilla.org/show_bug.cgi?id=640368 640368] || Global || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#T-Systems T-Systems] || [http://bugzilla.mozilla.org/show_bug.cgi?id=669849 669849] || Germany || EV
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Buypass Buypass] || [http://bugzilla.mozilla.org/show_bug.cgi?id=685128 685128] || Norway || EV
|-
|}
 
== Included CAs ==
 
[http://www.mozilla.org/projects/security/certs/included/ List of root certificates included after March 1st, 2007]
 
[http://spreadsheets.google.com/pub?key=ttwCVzDVuWzZYaDosdU6e3w&single=true&gid=0&output=html Spreadsheet of all included root certificates]

Latest revision as of 08:37, 5 May 2017

Redirect to:

Retrieved from "https://wiki.allizom.org/index.php?title=CA:Schedule&oldid=1170368"