136
edits
CA/Required or Recommended Practices: Difference between revisions
CA/Required or Recommended Practices (view source)
Revision as of 23:00, 1 April 2019
, 1 April 2019→Baseline Requirements: Fix typos
(→Baseline Requirements: Update BR references) |
(→Baseline Requirements: Fix typos) |
||
| Line 124: | Line 124: | ||
* BR subsections 3.2.2.4.1 and 3.2.2.4.5 were banned effective 1-August-2018. | * BR subsections 3.2.2.4.1 and 3.2.2.4.5 were banned effective 1-August-2018. | ||
** "CAs must stop using domain validation methods BR 3.2.2.4.1 and 3.2.2.4.5, stop reusing validation data from those methods" | ** "CAs must stop using domain validation methods BR 3.2.2.4.1 and 3.2.2.4.5, stop reusing validation data from those methods" | ||
* BR subsection 3.2.2.9 was banned by ballot SC15, effective 16-March 2019 | * BR subsection 3.2.2.9 was banned by ballot SC15, effective 16-March 2019. | ||
* BR subsection 3.2.2.4.10 contains major | * BR subsection 3.2.2.4.10 contains major vulnerabilities. If the CA uses this method, then the CA should describe how they are mitigating those vulnerabilities. If not using this method, the CPS should say so. | ||
* BR section 3.2.2.5(4) was updated by ballot SC7 to remove "any other method", effective 1-August 2019. Prior to that date: | * BR section 3.2.2.5(4) was updated by ballot SC7 to remove "any other method", effective 1-August 2019. Prior to that date: | ||
** Saying the CA follows BR section 3.2.2.5 does not meet [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's disclosure requirements for this method]. The CPS must describe if/how "any other method" is implemented. | ** Saying the CA follows BR section 3.2.2.5 does not meet [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#22-validation-practices Mozilla's disclosure requirements for this method]. The CPS must describe if/how "any other method" is implemented. | ||