Personal tools

CA:Schedule

From MozillaWiki

Jump to: navigation, search

Contents

Schedule for CA evaluations

Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.

General timeline

Our process for evaluating CA requests is as follows:

  1. CAs will be added into the queue for public discussion after they have completed the Information Gathering and Verification phase as described in CA:How_to_apply.
  2. Prior to entering public discussion we may need to gather further information or an updated audit from the CA; if for some reason we cannot obtain the needed information then the next CA in the queue will be considered for public discussion.
  3. Once a CA enters the public discussion period a representative of the CA must promptly respond in the discussion to any questions or concerns that are raised. If a CA delays their response for more than one week, then their discussion may be closed.
  4. During the course of the discussion, we will make a decision as to whether to approve the request.
  5. If the discussion results in moving forward with approval, then a representative of Mozilla will summarize the request in the bug, and indicate the plan to approve the request. After about one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request. Once a request is approved then a representative of Mozilla will file bug(s) against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
  6. If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will wither be closed, or will be added to the list of CAs responding to the first discussion. A second round of public discussion may be needed after the issues have been resolved.

Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) Root certificate changes to NSS/PSM are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the developer makes the changes, a test build will be provided and the bug will be updated to request that you test it. After the NSS/PSM changes are committed to an NSS release, then a future version of Firefox will include the updated version of NSS/PSM.

Queue for Public Discussion

The following queue indicates the order in which requests will enter public discussion for root inclusion request from CAs who do not currently have a root certificate included in NSS. In general, only one or two of these requests may be in discussion at any given point. The amount of time that each discussion takes varies dramatically depending on the number of reviewers contributing to the discussion, and the types of concerns that are raised. For each discussion, there must be input from at least two people who have reviewed and commented on the request. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.

CA Company Name Bug ID Geographic focus Audit Date yyyy.mm.dd Status Notes
CSOEC 844163 France 2012.11.26 First discussion started Sept 9 On hold, pending POC and relevance decisions
WoSign 851435 China 2013.01.15 Second discussion started on April 8 EV
- - - - -
LuxTrust 944783 Luxembourg 2012.11.16 Need BR and EV audits EV
- - - - -

Requests from Already Included CAs that are in or Ready for Discussion

These requests are from CAs that already have roots included in NSS. The requests may be discussed in parallel; the goal is to start each discussion as soon as the information is ready. In general, these requests will remain in discussion for 2 weeks unless further discussion is warranted. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.

CA Company Name Bug ID Geographic focus Audit Date yyyy.mm.dd Status Notes
DigiCert 908827 US 2013.07.12 Pending BR audit and approval EV
QuoVadis 926541 Global 2013.05.31 First Discussion Started on April 7 EV
- - - - -

CAs Responding to First Discussion

The following list shows the CAs who have gone through the first round of public discussion, and have resulting action items to complete before the second round of public discussion may begin.

CA Company Name Bug ID Geographic focus Audit Date yyyy.mm.dd Status Notes
KISA 335197 Korea Need Audit Super-CA Super-CA -- Sub-CAs should apply for inclusion separately
SSC, Lithuanian National Root 379152 Lithuania Need Audit Responding to First Discussion national government CA, Update root roles, CPS, audit
Verizon/CyberTrust 430698 global Need Audit Responding to First Discussion EV, no OCSP, has resellers
Swiss BIT 435026 Switzerland Need Audit Responding to First Discussion Need new root with clear Issuer info, Update CPS
ICP-Brasil 438825 Brazil Need Audit Super-CA Super-CA -- Sub-CAs should apply for inclusion separately
Finnish Population Register 463989 Finland 2008.02.28 Responding to First Discussion national government CA. Need audit for SSL and code signing CPS
US FPKI 478418 US 2012.02.28 Technical Evaluation and Testing national government CA
NIC 511380 India 2010.02.22 Responding to First Discussion Signed by India CCA. Need to update CPS.
E-ME 518098 Latvia 2011.05.02 Approval Pending Discussion Action Items bug 518098#c95
ANSSI 693450 France 2011.12.15 bug 693450#c23 Government CA

Requests in the Information Gathering and Verification Phase

The following CAs are in the Information Gathering and Verification Phase as described in CA:How_to_apply. These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.

CA Company Name Bug ID Number Geographic focus Notes
FNMT 435736 Spain national government CA, Need updated info, audit
SUSCERTE 489240 Venezuela Super-CA -- Sub-CAs should apply for inclusion separately
ANF 555156 European Union
CCA 557167 India Super-CA -- Sub-CAs should apply for inclusion separately
IDRBT 562764 India Signed by India CCA
TCS 562766 India Signed by India CCA, add to pending
MTNL 562769 India Signed by India CCA, add to pending
nCode 562772 India Signed by India CCA, add to pending
eMudhra 562774 India Signed by India CCA, add to pending
SHECA 566310 China
Collier 590593 US add to pending
Comodo 606947 Global EV
Netrust 632292 Singapore
Visa 636557 Global
EADTrust 640135 Spain add to pending, Regional government CA
PostSignum 643398 Czech Republic National government CA
PSC-FII 667466 Venezuela Signed by SUSCERTE (bug #489240)
ComSign 675060 Israel Current CPS doesn't sufficiently describe verification of email address
Digidentity 693273 Netherlands
CATCert 720326 Spain EV
SITHS 792337 Sweden
KIR 817994 Poland
GlobalSign 825954 Global EV, ECC
Symantec / VeriSign 833974 Global EV for included ECC root
Symantec 833986 Global New Symantec branded roots, add to pending
Symantec / Thawte 833996 Global EV, DSA, add to pending
Symantec / Thawte 833998 Global EV for included ECC root
Symantec / GeoTrust 834001 Global EV, DSA, add to pending
Symantec / GeoTrust 834004 Global EV for included ECC root
OATI 848766 US
Entrust 849950 Global EV
E-Guven 854384 Turkey add to pending
MOSPA 867002 Korea Government CA, add to pending
GPKI 870185 Japan Government CA
IdenTrust 873118 Global email trust bit
ACRN 925740 Uruguay Add to pending
CFCA 926029 China EV
Certinomis 937589 France
Athens Exchange 957548 Greece
AC Camerfirma 986854 Spain EV, add to pending

Requests in the Inclusion Phase

The following CAs have been approved and are in the Inclusion Phase as described in CA:How_to_apply.

CA Company Name Bug ID Geographic focus Notes
Entrust 694536 Global FF23 - pending EV
Firmaprofesional 794036 Spain EV-FF30
TWCA 810133 Taiwan FF27, EV-FF30
E-Tugra 877744 Turkey FF29, EV-FF30
Actalis 957548 Italy EV

Included CAs

Spreadsheet of all included root certificates