Confirmed users, Administrators
5,526
edits
CA/Subordinate CA Checklist: Difference between revisions
m
→Super-CAs
m (→Super-CAs) |
m (→Super-CAs) |
||
| Line 10: | Line 10: | ||
* The Super-CA is at all times completely accountable for their subordinate CAs, and the Super-CA ensures that all subordinate CAs demonstrably adhere to the Super-CA’s documented policies and audit criteria. | * The Super-CA is at all times completely accountable for their subordinate CAs, and the Super-CA ensures that all subordinate CAs demonstrably adhere to the Super-CA’s documented policies and audit criteria. | ||
* The Super-CA provides publicly verifiable documentation and proof of annual audits for each subordinate CA that attest to compliance with the Super-CA’s documented policies and audit criteria. | * The Super-CA provides publicly verifiable documentation and proof of annual audits for each subordinate CA that attest to compliance with the Super-CA’s documented policies and audit criteria. | ||
* The subordinate CAs do not themselves act as a Super-CA or sign a large number of [[CA:SubordinateCA_checklist# | * The subordinate CAs do not themselves act as a Super-CA or sign a large number of [[CA:SubordinateCA_checklist#Terminology | public third-party subordinate CAs]], making it difficult for Mozilla and others to annually confirm that the full CA hierarchy is in compliance with Mozilla’s CA Certificate Policy. | ||
== Terminology == | == Terminology == | ||