Confirm, administrator
5,526
edits
Changes
no edit summary
}}
{{FeaturePageBody
|Feature overview=https://docsCreate a tests that check for Mozilla CA Policy compliance, BR compliance, and (optionally) EV compliance.google.com/a/mozillaAs we gather data about how well these policies are being followed, then we can add these checks directly into PSM.com/spreadsheet/ccc?key=0AroPYigJXMK4dDZBcWQ1bTd6eVRoZ3hFQ1JyUk5iRGc#gid=0
We should check key constraints (be able to run the tests separately for a cert chain or website, and over data such as the EFF or CT data. The tests should provide info about the cert chain and other constraints) recommended by our [httppolicies that are not being followed. Information about things this test suite should look for:https://wwwbugzilla.mozilla.org/en-USshow_bug.cgi?id=927184 Note that the weak key issue is being tracked in a separate feature page: https:/about/governancewiki.mozilla.org/policiesSecurity/security-groupFeatures/certs/policy/ CA Policy] and the CAB Forum Baseline Requirements as checks in PSM.Certs_Disallow_Weak_Keys
|Feature users and use cases=We can automatically detect and block unsafe configuration of certificates and HTTPS connections that are weak.
}}
