CA:DraftPage
DRAFT
Schedule for CA evaluations
Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.
General timeline
Our process for evaluating CA requests is as follows:
- We assign CAs into different groups according to the general priority of processing their requests, and then assign each CA a specific target date for beginning public discussion of their request(s).
- Prior to the target date for a CA we gather any needed information from the CA; if for some reason we cannot obtain the needed information then we will postpone consideration of the CA and schedule some other CA for that target date.
- Once a CA enters the public discussion period we allow one week for public comment on the CA's request, after which we will make a decision as to whether to approve the request.
- If a request is approved then we will file bugs against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
- If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will be put back in the queue and reassigned a new target date for public discussion once the issues have been resolved.
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) In general it may take 2-3 months or even longer for changes to go into a shipping version of Firefox (typically into a security update release). For products like Firefox that have automated update mechanisms, once a new release is distributed via automated update the vast majority of users will receive the update (including any CA-related changes) within 2-3 weeks.
Priority groups
CAs are assigned priorities based on the following factors, among others:
- length of time the CA has been in the queue
- whether information gathering for the CA has been completed
- whether the request is for EV status or not
- market share of the CA
- size and importance of the CA's geographic market
- for government CAs, whether the government is national or regional
The following CAs will likely have higher priority in the schedule; note that the CAs are listed in alphabetical order:
- Chunghwa Telecom eCA (much older request than bug number indicates)
- DCSSI (national CA)
- FNMT (national CA)
- ICP-Brasil (national CA)
- KISA (national CA)
- SECOM Trust (important commercial CA in its region)
- T-Systems (already in process, need to re-start public discussion)
The following CA requests will likely have lower priority in the schedule; again these are listed in alphabetical order:
- ACCV (regional government CA)
- CATCert (regional government CA)
- Comodo (401587) (EV request for legacy roots, not clear if this is actually needed)
- Izenpe (regional government CA)
- Trustis (waiting on ETSI audit)
- VeriSign/GeoTrust/thawte (420760) (EV request for legacy roots, not clear if this is actually needed)
Queue for Public Discussion
The following queue indicates the order in which requests will enter public discussion. The goal is to start one public discussion per week. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status. However, further information may still be needed before the public discussion can begin, such as an updated audit. If a particular request isn't quite ready when it is their turn, the next request in the queue will take it's place.
| CA | Bug ID | Geographic focus | Audit Date | Status | Notes |
|---|---|---|---|---|---|
| SECOM Trust | 394419 | Japan | 10/31/2008 | Ready for Second Public Discussion | EV |
| Microsec Ltd | 370505 | Hungary | 8/19/2008 | Ready for Second Public Discussion | OCSP issues resolved, request for CPS in English |
| S-TRUST | 370627 | Germany | 5/2/2008 | In Public Discussion | Issue with new root every year |
| KISA | 335197 | Korea | Need | Responding to First Public Discussion | need to complete sub-CA review |
| T-Systems | 378882 | Germany | 12/3/2007 | Responding to First Public Discussion | need to complete sub-CA review |
| DCSSI | 368970 | France | 11/20/2008 | In Queue | national government CA |
| Certigna | 393166 | Europe | 8/20/2008 | In Queue | |
| Hongkong Post | 408949 | China | 3/10/2008 | In Queue | national government CA |
| Comsign | 420705 | Israel | 11/9/2008 | In Queue | |
| TC TrustCenter | 392024 | Germany | 8/3/2007 | In Queue | Class 1, 2, and 3 |
| Certicámara SA | 401262 | Spain | 3/31/2008 | In Queue | |
| SSC, Lithuanian National Root | 379152 | Lithuania | 2006 | In Queue | national government CA |
| Kamu Sertifikasyon Merkezi | 381974 | Turkey | 6/18/2007 | In Queue | national government CA |
| Sertifitseerimiskeskus AS | 414520 | Baltic region | 10/31/2007 | In Queue | CRL has critical CIDP |
| Verizon/Cybertrust | 430700 | global | 7/28/2008 | In Queue | EV, has resellers |
| Verizon/CyberTrust | 430694 | global | 7/28/2008 | In Queue | EV, has resellers |
| Verizon/CyberTrust | 430698 | global | 7/28/2008 | In Queue | EV, has resellers |
| E-Tugra | 443653 | Turkey | 5/16/2007 | In Queue | |
| SwissSign | 453460 | Switzerland | 11/3/2008 | In Queue | EV |
| Disig | 455878 | Slovakia | 5/31/2008 | In Queue | |
| Verisign | 409235 | global | 1/31/2008 | In Queue | ECC |
| GeoTrust | 409236 | global | 1/31/2008 | In Queue | ECC |
| thawte | 409237 | global | 1/31/2008 | In Queue | ECC |
Requests in the Information Gathering and Verification Phase
The following CAs are in the Information Gathering and Verification Phase as described in CA:How_to_apply. These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.
| ACCV | 274100 | Spain | regional government CA | |
| CATCert | 295474 | Spain | regional government CA, add to pending list | |
| Trustis | 324126 | Europe | awaiting ETSI audit | |
| ARGE DATEN | 348987 | Austria | ||
| Izenpe | 361957 | Spain | EV, regional government CA | |
| DigiNotar | 369357 | Netherlands | EV | |
| Comodo | 401587 | global | EV, not needed for legacy roots? | |
| VeriSign | 402947 | global | additional trust flags | |
| Camerifirma | 406968 | Spain | ||
| thawte | 407163 | global | additional trust flags | |
| GeoTrust | 407168 | global | additional trust flags | |
| VAS "Latvijas Pasts" | 412747 | Latvia | ||
| Entrust | 416544 | global | EV | |
| VeriSign, GeoTrust and thawte | 420760 | global | EV, no longer needed? | |
| TÜRKTRUST | 433845 | Turkey | ||
| Swiss BIT | 435026 | Switzerland | ||
| FNMT | 435736 | Spain | national government CA | |
| Staat der Nederlanden | 436056 | Netherlands | national government CA | |
| TC TrustCenter | 436467 | Germany | EV | |
| ICP-Brasil | 438825 | Brazil | national government CA | |
| Chunghwa Telecom eCA | 448794 | Taiwan | ||
| StartCom | 451298 | Israel | add code signing and EV | |
| Serasa S.A. | 457921 | Brazil | ||
| Finnish Population Register | 463989 | Finland | add to pending list | |
| D-TRUST | 467891 | add to pending list | ||
| Certsign | 470756 | add to pending list | ||
| ACEDICOM | 471045 | add to pending list | ||
| Japan GPKI | 474706 | Japan | national government CA |