CA/Prioritization: Difference between revisions
(Initial page) |
(Layout) |
||
Line 1: | Line 1: | ||
Prioritization of CA Root Inclusion Requests will be based on the factors described below and use the P1-P5 Priority categories available in the Bugzilla system with our own categorization for the CA root inclusion program. | Prioritization of CA Root Inclusion Requests will be based on the factors described below and use the P1-P5 Priority categories available in the Bugzilla system with our own categorization for the CA root inclusion program. | ||
P1 = High (Applicant has good compliance history and is replacing an already-included root) | |||
P2 = Medium High (Applicant is well-prepared and responsive, with a good history of policy compliance) | '''P1''' = High (Applicant has good compliance history and is replacing an already-included root) | ||
P3 = Medium (Applicant’s request and responsiveness are “average”, but demonstrates compliance with policies) | |||
P4 = Medium Low (Applicant’s responsiveness and compliance history are “average”) | '''P2''' = Medium High (Applicant is well-prepared and responsive, with a good history of policy compliance) | ||
P5 = Low (Applicant has much work to do, is slow to respond to requests, or has not demonstrated full compliance with policies) | |||
'''P3''' = Medium (Applicant’s request and responsiveness are “average”, but demonstrates compliance with policies) | |||
'''P4''' = Medium Low (Applicant’s responsiveness and compliance history are “average”) | |||
'''P5''' = Low (Applicant has much work to do, is slow to respond to requests, or has not demonstrated full compliance with policies) | |||
Factors assessed in setting the above-referenced priorities, in order of importance, are: | Factors assessed in setting the above-referenced priorities, in order of importance, are: | ||
1 - Alignment with Mozilla Manifesto - https://www.mozilla.org/en-US/about/manifesto/ | |||
2 - Compliance (Based on the compliance history of existing CA operators, and their responsiveness to issues) https://wiki.mozilla.org/CA/Incident_Dashboard | '''1 - Alignment with Mozilla Manifesto''' - https://www.mozilla.org/en-US/about/manifesto/ | ||
3 - Replacing Existing (Existing CA operators that are replacing an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process | |||
4 - Responsiveness/Complete and Timely (Applicant provides clear, complete, concise and timely responses to questions, comments, or concerns about their root inclusion request) | '''2 - Compliance''' (Based on the compliance history of existing CA operators, and their responsiveness to issues) https://wiki.mozilla.org/CA/Incident_Dashboard | ||
5 - Single-Purpose, Separate Roots (Hierarchies that are separated by root for a particular purpose) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CA_Hierarchy | |||
6 - CA Hierarchy Control (CA hierarchies comprised solely of CAs fully controlled by the applicant) https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#53-intermediate-certificates | '''3 - Replacing Existing''' (Existing CA operators that are replacing an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process | ||
7 - Completeness (Applicant completes all information in CCADB) https://wiki.mozilla.org/CA/Information_Checklist#Create_a_Root_Inclusion_Case | |||
8 - CPS Quality (Initially provided CP/CPS documents fully meet Mozilla’s Root Store Policy and the CAB Forum Baseline Requirements) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Publicly_Available_CP_and_CPS | '''4 - Responsiveness/Complete and Timely''' (Applicant provides clear, complete, concise and timely responses to questions, comments, or concerns about their root inclusion request) | ||
9 - Updating Trust Bits or EV-Enablement of Already-Included Root Certificate (Existing CAs that are only requesting EV enablement or adding a trust bit to an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process#Enable_EV | |||
10 - Ready (Detailed CP/CPS Review is complete and CA is “Ready for Discussion”) https://wiki.mozilla.org/CA/Application_Verification | '''5 - Single-Purpose, Separate Roots''' (Hierarchies that are separated by root for a particular purpose) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CA_Hierarchy | ||
'''6 - CA Hierarchy Control''' (CA hierarchies comprised solely of CAs fully controlled by the applicant) https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#53-intermediate-certificates | |||
'''7 - Completeness''' (Applicant completes all information in CCADB) https://wiki.mozilla.org/CA/Information_Checklist#Create_a_Root_Inclusion_Case | |||
'''8 - CPS Quality''' (Initially provided CP/CPS documents fully meet Mozilla’s Root Store Policy and the CAB Forum Baseline Requirements) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Publicly_Available_CP_and_CPS | |||
'''9 - Updating Trust Bits or EV-Enablement of Already-Included Root Certificate''' (Existing CAs that are only requesting EV enablement or adding a trust bit to an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process#Enable_EV | |||
'''10 - Ready''' (Detailed CP/CPS Review is complete and CA is “Ready for Discussion”) https://wiki.mozilla.org/CA/Application_Verification |
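Review bot: The bolded labels in the factor list keep the hand-typed numbering ("'''1 - Alignment with Mozilla Manifesto'''", "'''2 - Compliance'''", ...), so the stated "in order of importance" ranking rests on typed numbers that have to be renumbered by hand whenever a factor is inserted or moved; MediaWiki ordered-list markup (a leading #) would carry that ordering structurally. In the same list, factor 1 is the only entry without a parenthetical description and factor 4 the only one without a reference URL. Since this revision is a layout pass, it would be worth making the entries uniform here.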
Revision as of 19:38, 30 March 2021
Prioritization of CA Root Inclusion Requests will be based on the factors described below and use the P1-P5 Priority categories available in the Bugzilla system with our own categorization for the CA root inclusion program.
P1 = High (Applicant has good compliance history and is replacing an already-included root)
P2 = Medium High (Applicant is well-prepared and responsive, with a good history of policy compliance)
P3 = Medium (Applicant’s request and responsiveness are “average”, but Applicant demonstrates compliance with policies)
P4 = Medium Low (Applicant’s responsiveness and compliance history are “average”)
P5 = Low (Applicant has much work to do, is slow to respond to requests, or has not demonstrated full compliance with policies)
Factors assessed in setting the above-referenced priorities, in order of importance, are:
1 - Alignment with Mozilla Manifesto - https://www.mozilla.org/en-US/about/manifesto/
2 - Compliance (Based on the compliance history of existing CA operators, and their responsiveness to issues) https://wiki.mozilla.org/CA/Incident_Dashboard
3 - Replacing Existing (Existing CA operators that are replacing an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process
4 - Responsiveness/Complete and Timely (Applicant provides clear, complete, concise and timely responses to questions, comments, or concerns about their root inclusion request)
5 - Single-Purpose, Separate Roots (Hierarchies that are separated by root for a particular purpose) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CA_Hierarchy
6 - CA Hierarchy Control (CA hierarchies comprised solely of CAs fully controlled by the applicant) https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#53-intermediate-certificates
7 - Completeness (Applicant completes all information in CCADB) https://wiki.mozilla.org/CA/Information_Checklist#Create_a_Root_Inclusion_Case
8 - CPS Quality (Initially provided CP/CPS documents fully meet Mozilla’s Root Store Policy and the CAB Forum Baseline Requirements) https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#Publicly_Available_CP_and_CPS
9 - Updating Trust Bits or EV-Enablement of Already-Included Root Certificate (Existing CAs that are only requesting EV enablement or adding a trust bit to an already-included root certificate) https://wiki.mozilla.org/CA/Certificate_Change_Process#Enable_EV
10 - Ready (Detailed CP/CPS Review is complete and CA is “Ready for Discussion”) https://wiki.mozilla.org/CA/Application_Verification