Confirmed users, Administrators
5,526
edits
CA/Root Store Policy Archive: Difference between revisions
Jump to navigation
Jump to search
CA/Root Store Policy Archive (view source)
Revision as of 17:56, 8 September 2015
, 8 September 2015→To Be Discussed
| Line 135: | Line 135: | ||
#* Note that when scrolling through the Auditor column in the [http://www.mozilla.org/projects/security/certs/included/index.html included spreadsheet] it looks like distinguishing based on the auditing would only currently find one included CA. However, this still may be worth considering, as there are other CAs who have applied for inclusion and have their audits done by internal government organizations. | #* Note that when scrolling through the Auditor column in the [http://www.mozilla.org/projects/security/certs/included/index.html included spreadsheet] it looks like distinguishing based on the auditing would only currently find one included CA. However, this still may be worth considering, as there are other CAs who have applied for inclusion and have their audits done by internal government organizations. | ||
# Add a requirement for CAs to provide English-translated versions of their complete CP / CPS | # Add a requirement for CAs to provide English-translated versions of their complete CP / CPS | ||
# Clarify which audit criteria are required depending on which trust bits are set. In particular, root certs with only the S/MIME trust bit set will have different audit criteria requirements than root certs with the Websites trust bit set. | |||
# Remove Code Signing trust bits. As of Firefox 38, add-ons are signed using Mozilla's own roots. There doesn't appear to be anyone else using the roots in the NSS root store for Code Signing. -- currently under discussion in mozilla.dev.security.policy. | |||
==== Will NOT Do ==== | ==== Will NOT Do ==== | ||