Confirmed users, Administrators
5,526
edits
CA/Required or Recommended Practices: Difference between revisions
CA/Required or Recommended Practices (view source)
Revision as of 19:16, 8 October 2019
, 8 October 2019Added clarification about audit history requirements
(Move Precertificates to recommended) |
(Added clarification about audit history requirements) |
||
| Line 101: | Line 101: | ||
==== Complete Audit History ==== | ==== Complete Audit History ==== | ||
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#71-inclusions Mozilla's Root Store Policy] states: "Before being included, CAs MUST provide evidence that their CA certificates have continually, from the time of creation, complied with the then-current Mozilla Root Store Policy and Baseline Requirements." | [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#71-inclusions Mozilla's Root Store Policy] states: "Before being included, CAs MUST provide evidence that their CA certificates have continually, from the time of creation, complied with the then-current Mozilla Root Store Policy and Baseline Requirements." To meet this requirement CAs must provide public-facing audit statements for all of the audits that have been conducted from the time of root creation, for both the root and the non-[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#531-technically-constrained technically-constrained] intermediate certificates in the hierarchy. This includes: | ||
* Root key generation report | |||
* Any Point in time audits | |||
* All Period of time audits | |||
This requirement may be met via one of the following options: | This requirement may be met via one of the following options: | ||