(→CP/CPS Documents will be Reviewed!: Moved content to CA/CPS_Review) |
(Updated CP/CPS requirements.) |
||
| Line 5: | Line 5: | ||
=== Publicly Available CP and CPS === | === Publicly Available CP and CPS === | ||
A Certificate Policy (CP) is a named set of rules that indicate the applicability of a certificate to a particular community and/or class of applications with common security requirements. A Certification Practices Statement (CPS) is a document that describes the practices that a Certification Authority (CA) employs in issuing, managing, revoking, and renewing or re-keying certificates. CAs must supply a complete CPS, or also a CP, or a combined CP/CPS ("CP/CPS" herein) containing sufficient information to determine whether and how the CA complies with Mozilla policy requirements. | |||
* The CP/CPS must be publicly available from the CA's official web site. | * The CP/CPS must be publicly available from the CA's official web site. | ||
* The CP/CPS must clearly indicate which root and subordinate certificates the practices and processes described in those documents apply to. | * The CP/CPS must clearly indicate which root and subordinate certificates the practices and processes described in those documents apply to. | ||
* The format of the CP/CPS | * The format of the CP/CPS must be PDF or another suitable format for reading documents. CAs should ''not'' use Microsoft Word or other formats intended primarily for editable documents. | ||
* The CP/CPS must be available in an English version. The non-English version may be authoritative (as that's the working language of the CA) but the CA is responsible for ensuring that the translation is not materially different from the authoritative version of the document. | * The CP/CPS must be available in an English version. The non-English version may be authoritative (as that's the working language of the CA) but the CA is responsible for ensuring that the translation is not materially different from the authoritative version of the document. | ||
* As part of the inclusion process and the [https://wiki.mozilla.org/CA/ | * As part of the inclusion process and the [https://wiki.mozilla.org/CA/Compliance_Self-Assessment CA Compliance Self-Assessment], CAs must provide the CP/CPS sections that address the requirements of Mozilla policy and the Baseline Requirements. | ||
===== CP/CPS Revision Table ===== | ===== CP/CPS Revision Table ===== | ||
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#33-cps-and-cpses Section 3.3 of Mozilla's Root Store Policy] requires that a CA review and update its CP/CPS at least once every twelve months. CAs must "indicate that this has happened by incrementing the version number and adding a dated changelog entry, even if no other changes are made to the document." This is also required by section 2.3 of the [https://cabforum.org/baseline-requirements-documents Baseline Requirements]. | |||
===== CAA Domains listed in CP/CPS ===== | ===== CAA Domains listed in CP/CPS ===== | ||
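Review bot: In the added introductory paragraph under "Publicly Available CP and CPS", the phrase "CAs must supply a complete CPS, or also a CP, or a combined CP/CPS" does not say clearly whether a CP is an alternative to the CPS or is only ever supplied alongside one. If the intent is the latter, wording such as "a complete CPS, a CPS together with a CP, or a combined CP/CPS" would remove the ambiguity. In the rewritten format bullet, "another suitable format for reading documents" sits under a "must" without saying what counts as suitable, while the next sentence switches to "should ''not''"; naming an acceptable non-PDF format, or stating the criterion, would make the requirement checkable.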