Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
Jump to navigation
Jump to search
m
→Disable a Root
m (→Enable EV) |
m (→Disable a Root) |
||
| Line 59: | Line 59: | ||
The process for disabling a root in NSS is as follows: | The process for disabling a root in NSS is as follows: | ||
# | # Any individual may initiate the request using the Mozilla project's [http://bugzilla.mozilla.org/ Bugzilla issue tracking system:] | ||
#* File a bug in Bugzilla with the following information: | #* File a bug in Bugzilla with the following information: | ||
#** Product: mozilla.org | #** Product: mozilla.org | ||
| Line 77: | Line 77: | ||
# The Mozilla representative will ensure the necessary information has been provided. | # The Mozilla representative will ensure the necessary information has been provided. | ||
#* Options should be identified | #* Options should be identified | ||
#** Which | #** Which trust bits to unset (Websites, Email, Code Signing) | ||
#** | #** Whether the root certificate should be removed from NSS instead of unsetting trust bits. | ||
#* Technical assistance may be requested | #* Technical assistance may be requested | ||
#* Additional information may be requested of CA and other parties | #* Additional information may be requested of CA and other parties | ||
#* The Mozilla representative must confirm that a qualified representative of | #* The Mozilla representative must confirm that a qualified representative has approved the change. A qualified representative is either | ||
#** The known representative of the CA, or | |||
#** Two Mozilla staff members, if the CA is not in agreement. | |||
# The Mozilla representative will deliver any preliminary decisions | # The Mozilla representative will deliver any preliminary decisions | ||
#* It may be necessary to treat the bug as a sensitive security issue and follow the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] | #* It may be necessary to treat the bug as a sensitive security issue and follow the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs] | ||
# The Mozilla representative will start a public discussion in the mozilla.dev.security.policy newsgroup. | # The Mozilla representative whom the bug is assigned to will start a public discussion in the mozilla.dev.security.policy newsgroup. | ||
#* Outline is presented, references to full bug provided | #* Outline is presented, references to full bug provided | ||
#* Deadline for discussion is set | #* Deadline for discussion is set | ||
#* [http://www.mozilla.org/projects/security/security-bugs-policy.html Security-sensitive] requests for root changes would be discussed primarily within the (closed) Mozilla security group. However others could be added to the discussion by explicitly cc-ing them on the bug. | #* [http://www.mozilla.org/projects/security/security-bugs-policy.html Security-sensitive] requests for root changes would be discussed primarily within the (closed) Mozilla security group. However others could be added to the discussion by explicitly cc-ing them on the bug. | ||
# The Mozilla representative will summarize the discussion and communicate the decisions in the bug. | # The Mozilla representative whom the bug is assigned to will summarize the discussion and communicate the decisions in the bug. | ||
#* Decision about which Trust Bits to unset | #* Decision about which Trust Bits to unset | ||
#* Any other options or actions as decided | #* Any other options or actions as decided | ||