CA/Root Store Policy Archive: Difference between revisions

2.7.1

• Policy document
• Finalized date (GitHub): March 30, 2021
• Publication date (www.mozilla.org): April 12, 2021
• Effective (compliance) date: May 1, 2021, except:
  • October 1, 2021: CAs MUST validate dNSName or IPAddress in SAN/commonName within 398 days prior to certificate issuance
  • July 31, 2021: CAs MUST update section 4.9.12 of their CPSes to clearly specify the methods that parties may use to demonstrate private key compromise

• List of changes and diff

2.7

• Policy document, Common CCADB Policy
• Publication date: December 10, 2019
• Effective (compliance) date: January 1, 2020, except:
  • April 1, 2020: CPs and CPSes published after this date MUST be structured according to RFC 3647 and MUST:
    • Include at least every section and subsection defined in RFC 3647; and,
    • Only use the words "No Stipulation" to mean that the particular document imposes no requirements related to that section; and,
    • Contain no sections that are blank and have no subsections.
  • July 1, 2020: End-entity certificates MUST include an Extended Key Usage (EKU) extension containing KeyPurposeId(s) describing the intended usage(s) of the certificate, and the EKU extension MUST NOT contain the KeyPurposeId anyExtendedKeyUsage.
• List of changes and diff

2.6.1

• Policy document, Common CCADB Policy
• Publication date: August 13, 2018
• Effective (compliance) date: August 13, 2018, except:
  • January 1, 2019: Separation of id-kp-serverAuth and id-kp-emailProtection KeyPurposeIds in newly created intermediate certificates as described in section 5.3
• List of changes and diff

2.6

• Policy document, Common CCADB Policy
• Publication date: June 29, 2018
• Effective (compliance) date: July 1, 2018, except:
  • January 1, 2019: Separation of id-kp-serverAuth and id-kp-emailProtection KeyPurposeIds in newly created intermediate certificates as described in section 5.3
• List of changes and diff

2.5

• Policy document, Common CCADB Policy
• The "Mozilla CCADB Policy" document is now part of the main Policy
• Publication date: June 23, 2017
• Compliance date: June 23, 2017, except:
  • Technical constraints for email intermediates, which is (erratum) November 15, 2017 for existing non-qualifying intermediates to cease issuing, and April 15 2018 for them to be revoked or audited
  • Using the Ten Blessed Methods for domain validation, which is July 21, 2017
• List of changes and diff

2.4.1

• Policy document, Common CCADB Policy, Mozilla CCADB Policy
• Publication date: March 31, 2017
• Compliance date: March 31, 2017 (except "CP/CPS in English", which is June 1, 2017)
• This version has no changes in normative requirements over version 2.4; it is a rearrangement and reordering of the existing policy.

2.4

• Policy document, Common CCADB Policy, Mozilla CCADB Policy
• Publication date: February 28, 2017
• Compliance date: February 28, 2017 (except "CP/CPS in English", which is June 1, 2017)
• List of changes and diff

2.3

• Policy document
• Publication date: December 19, 2016
• Compliance date: December 19, 2016
• List of changes and diff

2.2

• Policy document
• Publication date: July 26, 2013
• Compliance date: July 26, 2013 (more specific details)
• List of changes: bug 868144

2.1

• Policy document
• Publication date: February 14, 2013
• Compliance date: February 14, 2014 (more specific details)
• Items considered: CA/PolicyVersion2.1
• List of changes: bug 763758

2.0

• Policy document
• Publication date: February 2, 2011
• Compliance date: August 8, 2011 (Feb 2, 2011 for new root inclusions)
• Items considered: CA:PolicyVersion2.0
• List of changes: bug 609945

Earlier

• Version 1.2 -- January 2008
• Version 1.1 -- November 2007
• Version 1.0 -- November 2005
• Version 0.4 -- March 2004