Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
m
→Remove a Root
m (→Disable a Root) |
m (→Remove a Root) |
||
| Line 131: | Line 131: | ||
#* Outline is presented, references to full bug provided | #* Outline is presented, references to full bug provided | ||
#* Deadline for discussion is set | #* Deadline for discussion is set | ||
#* [http://www.mozilla.org/projects/security/security-bugs-policy.html Security-sensitive] requests for root | #* [http://www.mozilla.org/projects/security/security-bugs-policy.html Security-sensitive] requests for root removals would be discussed primarily within the (closed) Mozilla security group. However others could be added to the discussion by explicitly cc-ing them on the bug. | ||
# The Mozilla representative will summarize the discussion and communicate the decisions in the bug. | # The Mozilla representative will summarize the discussion and communicate the decisions in the bug. | ||
#* Decision about | #* Decision about whether or not to remove the root certificate | ||
#* Any other options or actions as decided | #* Any other options or actions as decided | ||
# Implementation | # Implementation | ||
#* If the resulting decision is to change the root certificate, the Mozilla representative will create a corresponding NSS bug to make the actual changes in NSS, and mark that bug as blocking the original change request. | #* If the resulting decision is to remove or change the root certificate, the Mozilla representative will create a corresponding NSS bug to make the actual changes in NSS, and mark that bug as blocking the original change request. | ||
#* A Mozilla representative creates a test build of NSS with the change to the root certificate, and attaches nssckbi.dll to the bug. A representative of the CA or of Mozilla must download this, drop it into a copy of Firefox and/or Thunderbird and confirm (by adding a comment in the bug) that the certificate has been correctly changed. | #* A Mozilla representative creates a test build of NSS with the change to the root certificate, and attaches nssckbi.dll to the bug. A representative of the CA or of Mozilla must download this, drop it into a copy of Firefox and/or Thunderbird and confirm (by adding a comment in the bug) that the certificate has been correctly changed or removed. | ||
#* A Mozilla representative checks the changes into the NSS store, and marks the bug RESOLVED FIXED. | #* A Mozilla representative checks the changes into the NSS store, and marks the bug RESOLVED FIXED. | ||
#* For security-sensitive bugs, the security update will proceed as described in [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla's Policy for Handling Security Bugs] | #* For security-sensitive bugs, the security update will proceed as described in [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla's Policy for Handling Security Bugs] | ||