Confirmed users, Administrators
5,526
edits
CA:RootTransferPolicy: Difference between revisions
m
→Change in Legal Ownership
| Line 8: | Line 8: | ||
Another example of a change in legal ownership is when an organization buys a root certificate's private key. Such a transition may involve physically relocating the private key, and may involve a change in the key personnel who operate the root certificate's private key and the certificate hierarchy. | Another example of a change in legal ownership is when an organization buys a root certificate's private key. Such a transition may involve physically relocating the private key, and may involve a change in the key personnel who operate the root certificate's private key and the certificate hierarchy. | ||
The CA should [mailto:certificates@mozilla.org notify Mozilla] whenever there is going to be a change of ownership of an included root certificate's private key. The CA who is transferring ownership of the root certificate’s private key must ensure that the transfer recipient is able to fully comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. The original CA will continue to be responsible for the root certificate's private key until the transfer recipient has provided Mozilla with their [[CA:Information_checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]], CP/CPS documentation, and audit statement confirming successful transfer of the root certificate. | The CA should [mailto:certificates@mozilla.org notify Mozilla] whenever there is going to be a change of ownership of an [[CA:IncludedCAs|included root certificate's]] private key. The CA who is transferring ownership of the root certificate’s private key must ensure that the transfer recipient is able to fully comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. The original CA will continue to be responsible for the root certificate's private key until the transfer recipient has provided Mozilla with their [[CA:Information_checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]], CP/CPS documentation, and audit statement confirming successful transfer of the root certificate. | ||
Whenever the private key of a root certificate is physically moved to a new location, the steps outlined in the [[CA:RootTransferPolicy#Physical_Relocation|Physical Relocation]] section below should be followed. Whenever the organization (i.e. key personnel) operating the private key of a root certificate is changed, the steps outlined in the [[CA:RootTransferPolicy#Personnel_Changes|Personnel Changes]] section below should be followed. | Whenever the private key of a root certificate is physically moved to a new location, the steps outlined in the [[CA:RootTransferPolicy#Physical_Relocation|Physical Relocation]] section below should be followed. Whenever the organization (i.e. key personnel) operating the private key of a root certificate is changed, the steps outlined in the [[CA:RootTransferPolicy#Personnel_Changes|Personnel Changes]] section below should be followed. | ||