Schedule for CA evaluations
Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.
Our process for evaluating CA requests is as follows:
- CAs will be added into the queue for public discussion after they have completed the Information Gathering and Verification phase as described in CA:How_to_apply.
- Prior to entering public discussion we may need to gather further information or an updated audit from the CA; if for some reason we cannot obtain the needed information then the next CA in the queue will be considered for public discussion.
- Once a CA enters the public discussion period a representative of the CA must promptly respond in the discussion to any questions or concerns that are raised. If a CA delays their response for more than one week, then their discussion may be closed.
- During the course of the discussion, we will make a decision as to whether to approve the request.
- If the discussion results in moving forward with approval, then a representative of Mozilla will summarize the request in the bug, and indicate the plan to approve the request. After about one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request. Once a request is approved then a representative of Mozilla will file bug(s) against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
- A discussion may be put on hold, pending a CA action item, such that the discussion may continue as soon as the CA has provided the requested information.
- If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will wither be closed, or will be added to the list of CAs responding to the first discussion. A second round of public discussion may be needed after the issues have been resolved.
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) Root certificate changes to NSS/PSM are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the developer makes the changes, a test build will be provided and the bug will be updated to request that you test it. After the NSS/PSM changes are committed to an NSS release, then a future version of Firefox will include the updated version of NSS/PSM.
Queue for Public Discussion
The queue for discussion has been moved here:
All other status relating to CA inclusion/update requests may be found here: https://wiki.mozilla.org/CA/Dashboard
Roots Being Removed
Upcoming Root Cert Removals:
Certs that have been Removed:
Spreadsheet of all included root certificates: