CA/BR Self-Assessment

From MozillaWiki
< CA(Redirected from CA:BRs-Self-Assessment)
Jump to: navigation, search

BR Self-Assessment

CAs with root certificates that have the websites trust bit set are required to perform self-assessments at various times to ensure that their CP and CPS documents and their practices continue to comply with the CA/Browser Forum's Baseline Requirements (BRs). The preparation of this document reduces the load on the Mozilla administration team and makes it more likely the CA's request will be processed in a timely manner.

Template

BR Self-Assessment - Annual

The BRs state: "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements."

CAs with included root certificates that have the websites trust bit set must do an annual self-assessment of their compliance with the BRs using the above template, and must update their CP and CPS documents at least once every year. You should indicate that this has happened by incrementing the version number and adding a dated changelog entry, even if no other changes are made to the CP and CPS documents.

BR Self-Assessment - Root Inclusion or Update

Mozilla's root inclusion/update process has a Public Discussion phase in which members of the community thoroughly review and discuss each CA's request.

Mozilla requires CAs to perform a side-by-side comparison of their CP and CPS documents to the BRs using the above template, and attach their findings to their Bugzilla bug before their public discussion will be started. During the public discussion in the mozilla.dev.security.policy forum, members of the community will use the CA's self-assessment document to perform their own review, confirm the accuracy of the CA's self-assessment, ask questions, raise concerns, etc.