NSS:CAInclusionProcessIssues: Difference between revisions

m
(Created page with "This page was created so people can add and track progress of resolving issues/concerns with Mozilla's current CA Inclusion Process. == Issues currently being worked on == As [...")
 
Line 12: Line 12:


The current WebTrust and ETSI audits don't sufficiently check network security protections.
The current WebTrust and ETSI audits don't sufficiently check network security protections.
* [https://wiki.mozilla.org/CA:Communications#September_8.2C_2011 CA Communication sent to CAs in September.] All CAs must appropriately respond to that communication and provide further information in those areas before their inclusion request may enter public discussion.
* [https://wiki.mozilla.org/CA:Communications#September_8.2C_2011 CA Communication sent to CAs in September.] The action items for already included CAs are being tracked to completion. All CAs with requests in the queue for discussion must appropriately respond to that communication and provide further information in those areas before their inclusion request may enter public discussion.
* Updating [http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/InclusionPolicy.html Mozilla's CA Certificate Policy] to add a requirement for CAs to comply with the [http://www.cabforum.org/ CA/Browser Forum’s Baseline Requirements,] and be audited to those criteria. In particular, BR 16 addresses data security, risk assessment, security, plan, system security, and private key protection. This is currently in discussion in m.d.s.policy. CAB Forum is working to have audits include the BRs by the end of 2012.
* Updating [http://www.mozilla.org/projects/security/certs/policy/WorkInProgress/InclusionPolicy.html Mozilla's CA Certificate Policy] to add a requirement for CAs to comply with the [http://www.cabforum.org/ CA/Browser Forum’s Baseline Requirements,] and be audited to those criteria. In particular, BR 16 addresses data security, risk assessment, security, plan, system security, and private key protection. This is currently in discussion in m.d.s.policy. CAB Forum is working to have audits include the BRs by the end of 2012.
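Review bot: The sentence added to the first bullet, "The action items for already included CAs are being tracked to completion", does not say where that tracking is recorded; link the tracking page or bug so readers can check the status of each CA's response. The reworded requirement now applies to "All CAs with requests in the queue for discussion", which is clearer than the earlier "All CAs", but it would help to state what counts as an appropriate response to the September communication. In the unchanged second bullet, "security, plan" in the BR 16 list looks like a stray comma in "security plan" and could be corrected in the same edit.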

