Confirmed users, Administrators
5,526
edits
CA/Root Inclusion Considerations: Difference between revisions
Jump to navigation
Jump to search
m
CA/Root Inclusion Considerations (view source)
Revision as of 00:45, 17 February 2023
, 17 February 2023add bolding
(make "concerning in aggregate" and auditor more clear) |
m (add bolding) |
||
| Line 30: | Line 30: | ||
== Concerning Behavior == | == Concerning Behavior == | ||
The following situations are concerning '''in aggregate'''; meaning that a concern would be raised when a collection (several) of the main bullet points below happen. These '''concerns in aggregate''' may lead to Mozilla denying the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store and these concerns in aggregate apply, then Mozilla should perform a risk versus value assessment, and may remove those root certificates or set them to be distrusted after a specified date. | The following situations are concerning '''in aggregate'''; meaning that a concern would be raised when a collection (several) of the main bullet points below happen. These '''concerns in aggregate''' may lead to Mozilla denying the CA operator's root inclusion request. If the CA operator currently has root certificates in Mozilla's root store and these '''concerns in aggregate''' apply, then Mozilla should perform a risk versus value assessment, and may remove those root certificates or set them to be distrusted after a specified date. | ||
* The CA’s provided address is a P.O. box, mail drop, or an address shared with numerous other companies/entities. (e.g. shell corporate registry) | * The CA’s provided address is a P.O. box, mail drop, or an address shared with numerous other companies/entities. (e.g. shell corporate registry) | ||