Confirmed users, Administrators
5,526
edits
CA:CertificatePolicyV2.3: Difference between revisions
Change section 10 regarding how subCA disclosure happens
m (Clarification about technically constrained intermediate certs) |
(Change section 10 regarding how subCA disclosure happens) |
||
| Line 82: | Line 82: | ||
=== General Policy Cleanup === | === General Policy Cleanup === | ||
* Add text clarifying that non-technically-constrained intermediate certs have to be entered into the [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce]]. And clarify when they have to be entered in regards to when such intermediate certs are created. | * Add text clarifying that non-technically-constrained intermediate certs have to be entered into the [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce]]. And clarify when they have to be entered in regards to when such intermediate certs are created. | ||
** Update Section 10 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Policy] to state that the disclosure of subCAs is to happen in the [[CA:SalesforceCommunity|CA Community in Salesforce]]. | |||
*** Rather than stating "CA Community in Salesforce" in the policy, consider changing the name to "Common CA Database (CCADB)" and "CCADB Community". | |||
** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ** The [https://mozillacaprogram.secure.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a05o000000iHdtx March 2016 CA Communication] required CAs to enter their existing non-technically-constrained intermediate certificates into the CA Community in Salesforce by June 30, 2016. | ||
** The [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce wiki page]] further explains when intermediate certs do not need to be disclosed, such as expired intermediate certificates. Consider adding some of those clarifications directly to the policy. | ** The [[CA:SalesforceCommunity#Which_intermediate_certificate_data_should_CAs_add_to_Salesforce.3F|CA Community in Salesforce wiki page]] further explains when intermediate certs do not need to be disclosed, such as expired intermediate certificates. Consider adding some of those clarifications directly to the policy. | ||