Confirmed users, Administrators
5,526
edits
CA/Root Store Policy Archive: Difference between revisions
m
→Consider for Version 2.3
| Line 72: | Line 72: | ||
* Add "or later" to audit criteria and BR version numbers. | * Add "or later" to audit criteria and BR version numbers. | ||
* Update item #12 of the [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html Inclusion Policy] to refer to a more recent version of the [https://www.cabforum.org/documents.html CA/Browser Forum Baseline Requirements]. | * Update item #12 of the [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html Inclusion Policy] to refer to a more recent version of the [https://www.cabforum.org/documents.html CA/Browser Forum Baseline Requirements]. | ||
* In the first bullet point of item #9 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] remove the "after June 30, 2011" and add MD2 and MD4. | * In the first bullet point of item #9 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] remove the "after June 30, 2011" and add MD2 and MD4. | ||
* Update the second bullet point of item #9 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy]. | * Update the second bullet point of item #9 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy]. | ||
| Line 83: | Line 82: | ||
* Clean up the [[CA:Problematic_Practices#Other_considerations_when_updating_the_CA_Certificate_Policy|"Other considerations when updating the CA Certificate Policy"]] section of the [[CA:Problematic_Practices|Potentially Problematic Practices]] page. | * Clean up the [[CA:Problematic_Practices#Other_considerations_when_updating_the_CA_Certificate_Policy|"Other considerations when updating the CA Certificate Policy"]] section of the [[CA:Problematic_Practices|Potentially Problematic Practices]] page. | ||
* [https://www.cabforum.org/documents.html CA/Browser Forum Baseline Requirements] version 1.1.6 added a requirement regarding technically constraining subordinate CA certificates, so item #9 of the [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html Inclusion Policy] may refer to the BR for details about how to technically constrain a subordinate CA certificate that can sign SSL certs. | |||
* Make the timeline clear about when the audit statements and disclosure has to happen for new audited/disclosed subCAs. According to the Baseline Requirements section 17 and 17.4, pre-issuance Readiness Audit is to be done before the SubCA begins issuing publicly-trusted certs. Then a complete audit is due within 90 days of issuing the first publicly-trusted cert. | * Make the timeline clear about when the audit statements and disclosure has to happen for new audited/disclosed subCAs. According to the Baseline Requirements section 17 and 17.4, pre-issuance Readiness Audit is to be done before the SubCA begins issuing publicly-trusted certs. Then a complete audit is due within 90 days of issuing the first publicly-trusted cert. | ||
* In item #8 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] | * In item #8 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] | ||