CA/Required or Recommended Practices: Difference between revisions

From MozillaWiki
< CA
Jump to navigation Jump to search
(Create initial page)
 
Line 5: Line 5:
Recommended practices:
Recommended practices:


* CAs should supply a complete Certification Practice Statement (CPS) containing sufficient information to determine whether and how the CA complies with the Mozilla policy requirements.
* CAs should supply the complete Certification Policy (CP) and Certification Practice Statement (CPS) containing sufficient information to determine whether and how the CA complies with the Mozilla policy requirements.
** The CPS should be publicly available from the CA's official web site.
** The CP/CPS should be publicly available from the CA's official web site.
** The format of the CPS document should be PDF or another suitable format for  reading documents. CAs should ''not'' use Microsoft Word or other formats intended primarily for editable documents.
** The format of the CP/CPS document should be PDF or another suitable format for  reading documents. CAs should ''not'' use Microsoft Word or other formats intended primarily for editable documents.
** The CPS should be available in an English version.
** The CP/CPS should be available in an English version.


* CAs should supply evidence of their being evaluated according to one or more of the criteria accepted as suitable per the Mozilla policy.
* CAs should supply evidence of their being evaluated according to one or more of the criteria accepted as suitable per the Mozilla policy.
** All documents supplied as evidence should be publicly available.
** All documents supplied as evidence should be publicly available.
** Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site.)
** Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site.)

Revision as of 00:33, 27 November 2007

CA Recommended Practices

This page contains a draft set of recommended practices for CAs wishing to have their root CA certificates included in Mozilla products. In some cases these practices are specified or implied by the Mozilla CA certificate policy, and are mandatory for a CA to have its root certificate(s) included. In other cases the recommended practices are not mandatory per policy, but will help speed up a CA's application for inclusion and maximize the chances of its application being approved.

Recommended practices:

  • CAs should supply the complete Certification Policy (CP) and Certification Practice Statement (CPS) containing sufficient information to determine whether and how the CA complies with the Mozilla policy requirements.
    • The CP/CPS should be publicly available from the CA's official web site.
    • The format of the CP/CPS document should be PDF or another suitable format for reading documents. CAs should not use Microsoft Word or other formats intended primarily for editable documents.
    • The CP/CPS should be available in an English version.
  • CAs should supply evidence of their being evaluated according to one or more of the criteria accepted as suitable per the Mozilla policy.
    • All documents supplied as evidence should be publicly available.
    • Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site.)
Retrieved from "https://wiki.allizom.org/index.php?title=CA/Required_or_Recommended_Practices&oldid=76209"