Confirmed users, Administrators
5,526
edits
CA:RootTransferPolicy: Difference between revisions
m
clarification about audits
m (ciphertext) |
m (clarification about audits) |
||
| Line 26: | Line 26: | ||
# Stop new certificate issuance at the current site before the transfer begins. | # Stop new certificate issuance at the current site before the transfer begins. | ||
# Have an audit performed at the current site to confirm when the root certificate is ready for transfer, and to make sure the key material is properly secured. | # Have an audit performed at the current site to confirm when the root certificate is ready for transfer, and to make sure the key material is properly secured. | ||
# At the new site perform an audit to confirm that the transfer was successful, that the private key remained secure throughout the transfer, and that the root certificate is ready to resume issuance ( | # At the new site perform an audit to confirm that the transfer was successful, that the private key remained secure throughout the transfer, and that the root certificate is ready to resume issuance. This may be met by including the transferred root certificate and key in the new owner's regular audits (that meet the requirements of Mozilla's CA Certificate Policy); or by gettting a PITRA (just as we expect any new root certificate to be audited). | ||
# Send updated CP/CPS and the PITRA statement to Mozilla. | # Send updated CP/CPS and the PITRA statement to Mozilla. | ||
# The regular annual audit statements are still expected to happen within a timely manner, or the root cert may be removed. | # The regular annual audit statements are still expected to happen within a timely manner, or the root cert may be removed. | ||