Confirmed users, Administrators
5,526
edits
CA/Root Inclusion Considerations: Difference between revisions
Jump to navigation
Jump to search
CA/Root Inclusion Considerations (view source)
Revision as of 00:45, 31 January 2023
, 31 January 2023drafting
(drafting) |
(drafting) |
||
| Line 13: | Line 13: | ||
==Unacceptable Behavior== | ==Unacceptable Behavior== | ||
For the following circumstances, Mozilla should deny the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store, then Mozilla should remove those root certificates or set them to be distrusted after a specified date. | For the following circumstances, Mozilla should deny the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store, then Mozilla should remove those root certificates or set them to be distrusted after a specified date. | ||
* There is [https://www.merriam-webster.com/legal/reasonable%20suspicion Reasonable suspicion] that the CA is closely tied, through ownership or operation, to a company engaged in: | * There is [https://www.merriam-webster.com/legal/reasonable%20suspicion Reasonable suspicion] that the CA is closely tied, through ownership or operation, to a company engaged in any of the following: | ||
** the distribution of malware or spyware | ** the distribution of malware or spyware; | ||
** network surveillance | ** network surveillance; or | ||
** cyber espionage. | ** cyber espionage. | ||
* The CA operator is in [https://trust.salesforce.com/blocked a global region that cannot use the CCADB], or is not capable of entering into a contractual agreement with a [https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx US-based] company. | * The CA operator is in [https://trust.salesforce.com/blocked a global region that cannot use the CCADB], or is not capable of entering into a contractual agreement with a [https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx US-based] company. | ||
* The CA operator has | * The CA operator has done any of the following: | ||
** Mis-issued a large or unknown number of end-entity or intermediate certificates that they are not able to enumerate | ** Mis-issued a large or unknown number of end-entity or intermediate certificates that they are not able to enumerate; | ||
** Deliberately violated Mozilla's Root Store Policy or other applicable policy | ** Deliberately violated Mozilla's Root Store Policy or other applicable policy; or | ||
** Lied, concealed, or failed to disclose the full extent of a problem | ** Lied, concealed, or failed to disclose the full extent of a problem. | ||
== Concerning Behavior == | == Concerning Behavior == | ||