Confirm
344
edits
Changes
m
→Process Overview: Minor edits
#* All information provided by the CA must be publicly available.
#* If the CA contracts to another organization to help with the root inclusion request, the representative of the CA must clarify that relationship in their request, and must provide clear information about who the ongoing [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|points-of-contact]] will be for the CA.
# A representative of Mozilla or another Root Store Member of the CCADB [[CA/Application_Verification#Information_Verification|confirms all information was provided by the CA]]. '''NEW:''' See Refer to [https://www.ccadb.org/cas/public-group#root-inclusion-public-discussion "Prerequisites" to public discussion] that , which is conducted on the [https://groups.google.com/a/ccadb.org/g/public CCADB discussion list!]# [[CA/Application_Verification#Public_discussion|Public discussion]] for a six-week period begins on the [https://groups.google.com/a/ccadb.org/g/public CCADB discussion list]. If no concerns are raised during that time period, then the discussion may close and the request may proceed to the "last call" and approval phasephases.
# During the public-discussion phase, a representative of Mozilla, another Root Store Member of the CCADB, or the Community (as agreed by a Mozilla representative) performs a [[CA/Application_Verification#Detailed_Review|detailed review of the CA’s CP/CPS and audit documents]]. During this phase, the CA may be required to update their CP/CPS and audit documents to become fully aligned with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy].
#* [[CA/CPS_Review|Previous detailed reviews of CA CP/CPS and audit documents]]
# At the end of the six-week public discussion period, a representative of Mozilla or the Root Store Member who initiated the public discussion provides a summary within 5 business days noting any objections or open questions that did not receive a response from the CA owner and states the public discussion period has concluded.
#* If there are outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request may be closed, moved back to the Information Verification phase, or put on hold pending future discussion after the CA has addressed the concerns.
# Following public discussion, a representative of Mozilla will post on the [https://groups.google.com/a/mozilla.org/g/dev-security-policy Mozilla dev-security-policy list ] and indicate an Mozilla's intent to either to approve or reject the inclusion request for inclusion.
#* This is the last call for objection. After one week, if no further questions or concerns are raised, then a representative of Mozilla may approve the request, by stating so in the bug.
# A representative of Mozilla [[CA/Application_Verification#NSS_and_PSM_Bug_Creation|creates a bug requesting the actual changes]] in NSS (and PSM for EV treatment).
