| Line 145: | Line 145: | ||
# ''In item #8 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] add DSA 2048. -- [https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/KHJzcJezpnQJ Discussion result:]No, we should not add DSA support to Mozilla's CA Certificate Policy, and mozilla::pkix does not need to support DSA certificates.'' | # ''In item #8 of the [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ Maintenance Policy] add DSA 2048. -- [https://groups.google.com/d/msg/mozilla.dev.security.policy/JFmDFlHILOY/KHJzcJezpnQJ Discussion result:]No, we should not add DSA support to Mozilla's CA Certificate Policy, and mozilla::pkix does not need to support DSA certificates.'' | ||
=== Consider for Version | === Consider for Version 2.4 === | ||
Things that should be discussed when updating Mozilla's Policy to version 2.4: | |||
* Currently we are not tracking the actual audit periods, so no one is currently enforcing the rule in the BRs: "The period during which the CA issues Certificates SHALL be divided into an unbroken sequence of audit periods. An audit period MUST NOT exceed one year in duration." We could track this data in Salesforce, but we need to have policy around what the consequence should be whenever the rule is violated. | |||
=== Items to Add/Update in the Policy === | === Items to Add/Update in the Policy === | ||
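Review bot: the new bullet under "Consider for Version 2.4" mixes a statement of fact (audit periods are not tracked, so the BR rule is not enforced) with two separate open questions (whether to track the data in Salesforce, and what the consequence of a violation should be), and it repeats "currently" within one clause. Suggest splitting it into the observation followed by the two questions as sub-items, so each can be resolved on its own in the 2.4 discussion. The quoted BR text would also be easier to check if it named the BR section it comes from.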