Confirmed users
569
edits
CA/Application Process: Difference between revisions
Jump to navigation
Jump to search
m
→Process Overview: Changed numbering
(→Process Overview: Revised root inclusion process to move public discussion up in the sequence.) |
m (→Process Overview: Changed numbering) |
||
| Line 27: | Line 27: | ||
#* All information provided by the CA MUST be publicly available. | #* All information provided by the CA MUST be publicly available. | ||
#* If the CA contracts to another organization to help with the root inclusion request, the representative of the CA must clarify that relationship in their request, and must provide clear information about who the ongoing [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|points-of-contact]] will be for the CA. | #* If the CA contracts to another organization to help with the root inclusion request, the representative of the CA must clarify that relationship in their request, and must provide clear information about who the ongoing [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|points-of-contact]] will be for the CA. | ||
# A representative of Mozilla or the CCADB [[CA/Application_Verification#Information_Verification|verifies the information provided by the CA]]. | # A representative of Mozilla or the CCADB [[CA/Application_Verification#Information_Verification|verifies the information provided by the CA]]. '''NEW:''' See [https://www.ccadb.org/cas/public-group#root-inclusion-public-discussion "Prerequisites" to public discussion] that is conducted on the [https://groups.google.com/a/mozilla.org/g/dev-security-policy CCADB discussion list]! | ||
See [https://www.ccadb.org/cas/public-group#root-inclusion-public-discussion Prerequisites to public discussion on the CCADB list] | |||
# [[CA/Application_Verification#Public_discussion|Public discussion]] for a six-week period begins in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy CCADB discussion list]. If no concerns are raised during that time period, then the discussion may close and the request may proceed to the approval phase. | # [[CA/Application_Verification#Public_discussion|Public discussion]] for a six-week period begins in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy CCADB discussion list]. If no concerns are raised during that time period, then the discussion may close and the request may proceed to the approval phase. | ||
# During the public-discussion phase, a representative of Mozilla, another root store, or the Community (as agreed by a Mozilla representative) performs a [[CA/Application_Verification#Detailed_Review|detailed review of the CA’s CP/CPS and audit documents]]. During this phase, the CA may be required to update their CP/CPS and audit documents to become fully aligned with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy]. | # During the public-discussion phase, a representative of Mozilla, another root store, or the Community (as agreed by a Mozilla representative) performs a [[CA/Application_Verification#Detailed_Review|detailed review of the CA’s CP/CPS and audit documents]]. During this phase, the CA may be required to update their CP/CPS and audit documents to become fully aligned with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy]. | ||