Confirmed users
578
edits
CA/Root Store Policy Archive: Difference between revisions
Jump to navigation
Jump to search
CA/Root Store Policy Archive (view source)
Revision as of 20:12, 16 February 2025
, 16 February 2025Added draft of MRSP v.3.0 changes
m (→2.9: Updated publication date) |
(Added draft of MRSP v.3.0 changes) |
||
| Line 1: | Line 1: | ||
{{Draft}} | |||
__NOTOC__ | __NOTOC__ | ||
==3.0== | |||
* [https://github.com/mozilla/pkipolicy/blob/3.0/rootstore/policy.md Policy document] | |||
* Finalized date (GitHub): February XX, 2025 | |||
* Publication date (www.mozilla.org): February XX, 2025 | |||
* Effective (compliance) date: March 1, 2025 | |||
** As of January 1, 2025, new roots cannot be dual purpose (websites and email), and CA operators with new roots with the websites trust bit enabled must demonstrate automated means for certificate issuance | |||
** For audit periods beginning after March 1, 2025, CA operators with "parked CA keys" must identify them in auditor-provided annual reports | |||
** Beginning June 1, 2025, each CA operator with a CA having the websites trust bit enabled in NSS must have a third-party assessor review its mass revocation plan for annual audit periods starting on or after June 1, 2025. | |||
** Beginning September 1, 2025, each CA operator must maintain and test a mass revocation plan. | |||
** CA operators with roots enabled with both the websites trust bit and the email trust bit must submit a transition plan by April 15, 2026. | |||
trusted for both capable of issuing capable of issuing TLS server certificates, ______ | |||
* [https://github.com/mozilla/pkipolicy/pull/TBD/files List of changes and diff] | |||
==2.9== | ==2.9== | ||