(Created page with "'''This page is a snapshot of a previous version of Mozilla's CA Certificate Policy.''' [http://www.mozilla.org/projects/security/certs/policy/ Click here to view Mozilla's C...") |
Line 9: | Line 9: | ||
This is the official Mozilla policy for enforcing the [[CA:CertPolicyV2.1 | Mozilla CA Certificate Policy:]] | This is the official Mozilla policy for enforcing the [[CA:CertPolicyV2.1 | Mozilla CA Certificate Policy:]] | ||
# When a serious security concern is noticed, such as a major root compromise, it should be treated as a security-sensitive bug, and the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] should be followed. | # When a serious security concern is noticed, such as a major root compromise, it should be treated as a security-sensitive bug, and the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] should be followed. | ||
# Mozilla may, at its sole discretion, disable or remove a certificate at any time and for any reason. Mozilla will disable or remove a certificate if the CA demonstrates ongoing or egregious practices that do not maintain the level of service that was established in the [[CA:CertInclusionPolicyV2.1 | Inclusion Section of the Mozilla CA Certificate Policy]] or that do not comply with the requirements of the [[CA:CertMaintenancePolicyV2.1 | Maintenance Section of the Mozilla CA Certificate Policy.]] | # Mozilla may, at its sole discretion, disable (partially or fully) or remove a certificate at any time and for any reason. Mozilla will disable or remove a certificate if the CA demonstrates ongoing or egregious practices that do not maintain the level of service that was established in the [[CA:CertInclusionPolicyV2.1 | Inclusion Section of the Mozilla CA Certificate Policy]] or that do not comply with the requirements of the [[CA:CertMaintenancePolicyV2.1 | Maintenance Section of the Mozilla CA Certificate Policy.]] | ||
# A certificate is disabled by turning off one or more of the three trust bits (Websites, Email, Code Signing). | # A certificate is disabled by turning off one or more of the three trust bits (Websites, Email, Code Signing). Disablement or removal of a certificate may be initiated by submitting a bug report to the mozilla.org Bugzilla system, as described in the [[CA:Root_Change_Process | Root Change Process]] or the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs.] | ||
# If Mozilla disables or removes a CA's certificate(s) from Mozilla's products based on a CA's actions (or failure to act) that are contrary to the [[CA:CertPolicyV2.1 | Mozilla CA Certificate Policy,]] Mozilla shall publicize that fact in newsgroups on the news.mozilla.org server, on Web pages in the www.mozilla.org and www.mozilla.com domains, in news releases sent to organizations specializing in computer and Internet news, or as an alert to the US-CERT organization of the U.S. Department of Homeland Security. | # If Mozilla disables or removes a CA's certificate(s) from Mozilla's products based on a CA's actions (or failure to act) that are contrary to the [[CA:CertPolicyV2.1 | Mozilla CA Certificate Policy,]] Mozilla shall publicize that fact in newsgroups on the news.mozilla.org server, on Web pages in the www.mozilla.org and www.mozilla.com domains, in news releases sent to organizations specializing in computer and Internet news, or as an alert to the US-CERT organization of the U.S. Department of Homeland Security. | ||
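Review bot: In item 2 the new wording "disable (partially or fully)" is left undefined, while item 3 still describes disabling only as turning off "one or more of the three trust bits". Suggest saying in item 3 how partial and full disablement map onto the Websites, Email and Code Signing bits, so that the two items agree. The sentence added to item 3 on initiating disablement or removal through Bugzilla is a procedural step rather than part of that definition, and would read more clearly as its own numbered item.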