Confirmed users, Administrators
5,526
edits
CA:RootTransferPolicy: Difference between revisions
→Change in Legal Ownership
| Line 10: | Line 10: | ||
Another example of a change in legal ownership is when an organization buys a root certificate's private key. Such a transition may involve physically relocating the private key, and may involve a change in the key personnel who operate the root certificate's private key and the certificate hierarchy. | Another example of a change in legal ownership is when an organization buys a root certificate's private key. Such a transition may involve physically relocating the private key, and may involve a change in the key personnel who operate the root certificate's private key and the certificate hierarchy. | ||
An organization operating a root certificate [[CA:IncludedCAs|included in Mozilla's program]] should [mailto:certificates@mozilla.org notify Mozilla] whenever there is a change in legal ownership, and should inform Mozilla about resulting changes to the CP and/or CPS. | |||
An organization operating a root certificate [[CA:IncludedCAs|included in Mozilla's program]] should [mailto:certificates@mozilla.org notify Mozilla] whenever there is going to be a change of ownership of an [[CA:IncludedCAs|included root certificate's]] private key. The organization who is transferring ownership of the root certificate’s private key must ensure that the transfer recipient is able to fully comply with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy]. The original organization will continue to be responsible for the root certificate's private key until the transfer recipient has provided Mozilla with their [[CA:Information_checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact]], CP/CPS documentation, and audit statement confirming successful transfer of the root certificate. | |||
Whenever the private key of an [[CA:IncludedCAs|included root certificate]] is going to be physically moved to a new location, the steps outlined in the [[CA:RootTransferPolicy#Physical_Relocation|Physical Relocation]] section below should be followed. Whenever the organization (i.e. key personnel) operating the private key of an [[CA:IncludedCAs|included root certificate]] is going to change, the steps outlined in the [[CA:RootTransferPolicy#Personnel_Changes|Personnel Changes]] section below should be followed. | Whenever the private key of an [[CA:IncludedCAs|included root certificate]] is going to be physically moved to a new location, the steps outlined in the [[CA:RootTransferPolicy#Physical_Relocation|Physical Relocation]] section below should be followed. Whenever the organization (i.e. key personnel) operating the private key of an [[CA:IncludedCAs|included root certificate]] is going to change, the steps outlined in the [[CA:RootTransferPolicy#Personnel_Changes|Personnel Changes]] section below should be followed. | ||