| Line 3: | Line 3: | ||
The purpose of this page is to document Mozilla’s expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are moved to a new location. Throughout such a change, the operation of the root certificate’s private keys and certificate issuance must continue to meet the requirements of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. | The purpose of this page is to document Mozilla’s expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are moved to a new location. Throughout such a change, the operation of the root certificate’s private keys and certificate issuance must continue to meet the requirements of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. | ||
== Change in Legal Ownership == | |||
An example of a change in legal ownership is when one company buys another. This does not necessarily imply that there will be a change in operation of the root certificate or change in location of the root certificate's private keys. The CA should let Mozilla know when their is a change of ownership and the impact to the operation of the root certificate, and must continue to publish their CP/CPS and annual audit statements according to [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. | |||
== Physical Relocation == | == Physical Relocation == | ||
Physical Relocation of the root certificate's private keys may occur when a CA: | |||
* Relocates their private keys to another location owned by that CA. | |||
* Transfers the private keys to another CA that already has other root certificates included in Mozilla’s program. | |||
* Transfers the private keys to another CA that does not have root certificates included in Mozilla’s program. | |||
In all of these cases, the CA should: | |||
# Make sure the annual audit statements are current, and notify Mozilla of the pending change. | # Make sure the annual audit statements are current, and notify Mozilla of the pending change. | ||
# Create a transfer agreement and have it reviewed by the auditors. | # Create a transfer agreement and have it reviewed by the auditors. | ||
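Review bot: The "Change in Legal Ownership" paragraph says the CA "should let Mozilla know when their is a change of ownership" but gives no timing, while step 1 under "Physical Relocation" says to "notify Mozilla of the pending change". Suggest stating in the ownership paragraph as well that the notice is expected before the change takes effect, so both sections set the same expectation. The same sentence also needs "their is" corrected to "there is".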
| Line 47: | Line 42: | ||
== Personnel Changes == | == Personnel Changes == | ||
Personnel Changes may include one or more of the following. | |||
* Operation of the PKI is transferred to a different organization who is already operating root certificates included in Mozilla’s program. | |||
* Operation of the PKI is transferred to a different organization who does not currently operate a root certificate included in Mozilla’s program. | |||
* The organization operating the PKI remains the same, but the organization is transferred to a different company or owner. | |||
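Review bot: The third bullet under "Personnel Changes" ("the organization is transferred to a different company or owner") reads as the same situation that the "Change in Legal Ownership" section describes, so a CA cannot tell which section's expectations apply. Suggest either pointing this bullet at that section or saying how the two cases differ. In the first two bullets, "a different organization who" would read better as "a different organization that".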