Confirmed users, Administrators
5,526
edits
CA:RootTransferPolicy: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "{{DRAFT}} Under discussion in mozilla.dev.security.policy The purpose of this page is to document Mozilla’s expectations when the ownership of an included root certificate...") |
No edit summary |
||
| Line 4: | Line 4: | ||
There are different ways the ownership of a root certificate may change, which may include one or more of the following. | There are different ways the ownership of a root certificate may change, which may include one or more of the following. | ||
* Legal | * '''Change in Legal Ownership''', such as when one company buys another. | ||
** This does not necessarily imply that there will be a change in operation of the root | ** This does not necessarily imply that there will be a change in operation of the root certificate or change in location of the private keys. | ||
* Physical | * '''Physical Relocation''' of the root certificate's private keys. Circumstances may include one of the following. | ||
** CA relocates their private keys to another location owned by that CA. | ** CA relocates their private keys to another location owned by that CA. | ||
** CA1 transfers the private keys to CA2, where CA2 already has other root certificates included in Mozilla’s program. | ** CA1 transfers the private keys to CA2, where CA2 already has other root certificates included in Mozilla’s program. | ||
** CA1 transfers the private keys to CA3, where CA3 does not have root certificates included in Mozilla’s program. | ** CA1 transfers the private keys to CA3, where CA3 does not have root certificates included in Mozilla’s program. | ||
* Personnel | * '''Personnel Changes''', which may include one or more of the following. | ||
** Operation of the PKI is transferred to a different organization who is already operating root certificates included in Mozilla’s program. | ** Operation of the PKI is transferred to a different organization who is already operating root certificates included in Mozilla’s program. | ||
** Operation of the PKI is transferred to a different organization who does not currently operate a root certificate included in Mozilla’s program. | ** Operation of the PKI is transferred to a different organization who does not currently operate a root certificate included in Mozilla’s program. | ||
** The organization operating the PKI remains the same, but is transferred to a different company or owner. | ** The organization operating the PKI remains the same, but the organization is transferred to a different company or owner. | ||