CA/Certificate Change Process: Difference between revisions

Updated to match current process
(added info for distrust-after)
(Updated to match current process)
Line 52: Line 52:


== Remove or Disable a Root ==
== Remove or Disable a Root ==
Disabling a Root means one or more of the following:
* Turn off trust bits (Websites, Email)
* Turn off EV Treatment
* Distrust certificates issued after a certain date (Distrust for TLS After, Distrust for S/MIME After)
Reasons for removing or disabling a root certificate may include:
Reasons for removing or disabling a root certificate may include:
* Security Compromise
* Security Compromise
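Review bot: the section is headed "Remove or Disable a Root", but the block added under that heading defines only "Disabling a Root", so removal is left undefined while the next sentence gives reasons for "removing or disabling". Suggest adding one line that says what removing a root means next to the disabling list, so a reader can tell which of the listed reasons leads to which action. The "Distrust certificates issued after a certain date" bullet would also benefit from saying where that date is recorded or decided, since "a certain date" gives the reader nothing to check against.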
Line 60: Line 65:
* Legacy, no longer in use  
* Legacy, no longer in use  
* No recent audit  
* No recent audit  
Disabling a Root means one or more of the following:
* Turn off trust bits (Websites, Email)
* Turn off EV Treatment
* Distrust certificates issued after a certain date (Distrust for TLS After, Distrust for S/MIME After)


'''Important:''' Root changes that are motivated by a serious security concern such as a root compromise should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&groups=crypto-core-security secure bug filed in Bugzilla].
'''Important:''' Root changes that are motivated by a serious security concern such as a root compromise should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&groups=crypto-core-security secure bug filed in Bugzilla].
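Review bot: the four lines removed after "* No recent audit" are word for word the lines added at Line 52, so this revision only reorders the section, yet the edit summary reads "Updated to match current process". Suggest a summary that says the "Disabling a Root" block was moved above the reasons list with no wording change, so anyone reading the page history does not go looking for a process difference.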