CA/Root Store Policy Archive: Difference between revisions

Jump to navigation Jump to search

CA/Root Store Policy Archive (view source)

Revision as of 02:13, 21 February 2025

21 bytes removed ,  21 February 2025
Updated information about v.3.0
m (Minor edit)
(Updated information about v.3.0)
Line 5: Line 5:
==3.0==
==3.0==
* [https://github.com/mozilla/pkipolicy/blob/3.0/rootstore/policy.md Policy document]
* [https://github.com/mozilla/pkipolicy/blob/3.0/rootstore/policy.md Policy document]
* Finalized date (GitHub): February XX, 2025
* Finalized date (GitHub): February 20, 2025
* Publication date (www.mozilla.org): February XX, 2025
* Publication date (www.mozilla.org): February XX, 2025
* Effective (compliance) date: March 1, 2025
* Effective (compliance) date: March 15, 2025
** As of January 1, 2025, new roots cannot be dual purpose (websites and email), and CA operators with new roots with the websites trust bit enabled must demonstrate automated means for certificate issuance
** New roots cannot be dual purpose (websites and email), and CA operators with new roots with the websites trust bit enabled must demonstrate automated means for certificate issuance
** For audit periods beginning after March 1, 2025, CA operators with "parked CA keys" must identify them in auditor-provided annual reports
** For audit periods beginning after March 15, 2025, CA operators with "parked CA keys" must identify them in auditor-provided annual reports
** Beginning June 1, 2025, each CA operator with a CA having the websites trust bit enabled in NSS must have a third-party assessor review its mass revocation plan for annual audit periods starting on or after June 1, 2025.
** Beginning June 1, 2025, each CA operator with a CA having the websites trust bit enabled in NSS must have a third-party assessor review its mass revocation plan for annual audit periods starting on or after June 1, 2025.
** Beginning September 1, 2025, each CA operator must maintain and test a mass revocation plan.  
** Beginning September 1, 2025, each CA operator must maintain and test a mass revocation plan.  
** CA operators with roots enabled with both the websites trust bit and the email trust bit must submit a transition plan by April 15, 2026.
** CA operators with roots enabled with both the websites trust bit and the email trust bit must submit a transition plan by April 15, 2026.


* [https://github.com/mozilla/pkipolicy/pull/TBD/files List of changes and diff]
* [https://github.com/mozilla/pkipolicy/pull/287/files List of changes and diff]




Bwilson
Confirmed users
578

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1253420"

Navigation menu