Confirmed users, Administrators
5,526
edits
CA:RootTransferPolicy: Difference between revisions
m
ciphertext
m (added "and key" to appropriate sentences) |
m (ciphertext) |
||
| Line 23: | Line 23: | ||
# Make sure the annual audit statements are current, and [mailto:certificates@mozilla.org notify Mozilla of the pending change]. | # Make sure the annual audit statements are current, and [mailto:certificates@mozilla.org notify Mozilla of the pending change]. | ||
# Create a transfer plan (and legal agreement if more than one organization is involved) and have it reviewed by the auditors. | # Create a transfer plan (and legal agreement if more than one organization is involved) and have it reviewed by the auditors. | ||
#* For example, the transfer ceremony should have a documented ceremony witnessed by auditors and recorded (for posterity), with a physical exchange of the HSM and a physical exchange of the multi-party authorization keys. | #* For example, the transfer ceremony should have a documented ceremony witnessed by auditors and recorded (for posterity), with a physical exchange of the HSM or ciphertext containing the associated key material and certificates, and a physical exchange of the multi-party authorization keys. | ||
# Stop new certificate issuance at the current site before the transfer begins. | # Stop new certificate issuance at the current site before the transfer begins. | ||
# Have an audit performed at the current site to confirm when the root certificate is ready for transfer, and to make sure the key material is properly secured. | # Have an audit performed at the current site to confirm when the root certificate is ready for transfer, and to make sure the key material is properly secured. | ||