CA/Application Instructions: Difference between revisions

Line 275: Line 275:


CAs are required to:
CAs are required to:
* Annually provide a public-facing statement of attestation of their conformance to the stated verification requirements. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 4])
* Annually provide public-facing statement(s) of attestation of their conformance to the stated verification requirements. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 4])
* Notify Mozilla when its policies and business practices change in regards to verification procedures for issuing certificates, when the ownership control of the CA’s certificate(s) changes, or when ownership control of the CA’s operations changes. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 5])
* Notify Mozilla when its policies and business practices change in regards to verification procedures for issuing certificates, when the ownership control of the CA’s certificate(s) changes, or when ownership control of the CA’s operations changes. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 5])
* Ensure that Mozilla has their current contact information. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 6])
* Ensure that Mozilla has their current contact information. ([https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/ section 6])


Additionally, CAs must maintain their data in the [[CA:SalesforceCommunity|CA Community in Salesforce]] about:
Additionally, CAs must maintain their data in the [[CA:SalesforceCommunity|CA Community in Salesforce]] about:
* All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to a certificate included in Mozilla’s CA Certificate Program that are not technically constrained as described in section 9 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy].
* All certificates that are capable of being used to issue new certificates, and which directly or transitively chain to their certificate(s) included in Mozilla’s CA Certificate Program that are not technically constrained as described in section 9 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/ Mozilla's CA Certificate Inclusion Policy].
* [[CA:ImprovingRevocation#Preload_Revocations_of_Intermediate_CA_Certificates|Revoked intermediate certificates]].
* [[CA:ImprovingRevocation#Preload_Revocations_of_Intermediate_CA_Certificates|Revoked intermediate certificates]].
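
Review bot: In the new first bullet under "Additionally, CAs must maintain their data", replacing "a certificate included" with "their certificate(s) included" makes the trailing clause "that are not technically constrained" ambiguous. With the singular "a certificate", the plural "that are" could only refer back to "All certificates"; it can now also be read as describing "their certificate(s)". Suggest moving the constraint next to its subject, for example "All certificates that are capable of being used to issue new certificates and are not technically constrained as described in section 9 of ..., and which directly or transitively chain to their certificate(s) included in Mozilla's CA Certificate Program." The parallel change to "statement(s)" in the first list reads cleanly as written.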

