Confirmed users, Administrators
5,526
edits
m (added link) |
(Moved Detailed Review of CA's docs to before the discussion phase.) |
||
Line 27: | Line 27: | ||
#* If the CA contracts to another organization to help with the root inclusion request, the representative of the CA must clarify that relationship in their request, and must provide clear information about who the ongoing [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|points-of-contact]] will be for the CA. | #* If the CA contracts to another organization to help with the root inclusion request, the representative of the CA must clarify that relationship in their request, and must provide clear information about who the ongoing [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|points-of-contact]] will be for the CA. | ||
# A representative of Mozilla [[CA/Application_Verification#Information_Verification|verifies the information provided by the CA]]. | # A representative of Mozilla [[CA/Application_Verification#Information_Verification|verifies the information provided by the CA]]. | ||
# A representative of Mozilla or of the CA Community (as agreed by a Mozilla representative) performs a [[CA/Application_Verification#Detailed_Review|detailed review of the CA’s CP/CPS and audit documents]]. During this phase, the CA may be required to update their CP/CPS and audit documents to become fully aligned with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy]. | |||
# A representative of Mozilla [[CA/Dashboard#Ready_for_Public_Discussion|adds the request to the queue for public discussion.]] | # A representative of Mozilla [[CA/Dashboard#Ready_for_Public_Discussion|adds the request to the queue for public discussion.]] | ||
# When the application reaches the head of the queue, a representative of Mozilla starts the [[CA/Application_Verification#Public_discussion|public discussion]] for the CA in the [https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy forum], stating Mozilla’s intent to approve the request and initiating a 3 week comment period. If no concerns are raised during that time period, then the representative of Mozilla will close the discussion and the request may proceed to the approval phase. | |||
# When the application reaches the head of the queue, a representative of Mozilla starts the [[CA/Application_Verification#Public_discussion|public discussion]] for the CA in the [https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy forum]. | |||
# A representative of the CA responds to questions and concerns posted during the public discussion of the CA's request. | # A representative of the CA responds to questions and concerns posted during the public discussion of the CA's request. | ||
# A representative of Mozilla summarizes the discussion and resulting decisions or action items. | # A representative of Mozilla summarizes the discussion and resulting decisions or action items. | ||
#* A discussion may be extended beyond the initial comment period if concerns or questions are raised that require further attention. | |||
#* A discussion may be put on hold, pending a CA action item, such that the discussion may continue as soon as the CA has provided the requested information. | #* A discussion may be put on hold, pending a CA action item, such that the discussion may continue as soon as the CA has provided the requested information. | ||
# A representative of the CA completes action items resulting from the public discussion, which may include updating processes, documentation, and audits. | # A representative of the CA completes action items resulting from the public discussion, which may include updating processes, documentation, and audits. |