CA:RootTransferPolicy: Difference between revisions

Jump to navigation Jump to search

CA:RootTransferPolicy (view source)

Revision as of 23:19, 28 May 2015

7 bytes removed ,  28 May 2015
m
→‎Physical Relocation
Line 13: Line 13:


In all of these cases, the CA should take the following steps, and [https://www.mozilla.org/en-US/about/governance/policies/security-group/bugs/ immediately notify Mozilla if a problem occurs].
In all of these cases, the CA should take the following steps, and [https://www.mozilla.org/en-US/about/governance/policies/security-group/bugs/ immediately notify Mozilla if a problem occurs].
# Make sure the annual audit statements are current, and [http://mailto:certificates@mozilla.org notify Mozilla of the pending change].
# Make sure the annual audit statements are current, and [mailto:certificates@mozilla.org notify Mozilla of the pending change].
# Create a transfer plan (and legal agreement if more than one CA is involved) and have it reviewed by the auditors.  
# Create a transfer plan (and legal agreement if more than one CA is involved) and have it reviewed by the auditors.  
#* For example, the transfer ceremony should have a documented ceremony witnessed by auditors and recorded (for posterity), with a physical exchange of the HSM and a physical exchange of the multi-party authorization keys.
#* For example, the transfer ceremony should have a documented ceremony witnessed by auditors and recorded (for posterity), with a physical exchange of the HSM and a physical exchange of the multi-party authorization keys.
Kathleen Wilson
Confirmed users, Administrators
5,526

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1077344"

Navigation menu