Confirm, administrator
5,526
edits
Changes
m
→Disable a Root
The process for disabling a root in NSS is as follows:
# Initiate Any individual may initiate the requestusing the Mozilla project's [http://bugzilla.mozilla.org/ Bugzilla issue tracking system:]
#* File a bug in Bugzilla with the following information:
#** Product: mozilla.org
# The Mozilla representative will ensure the necessary information has been provided.
#* Options should be identified
#** Which Trust Bits trust bits to unset (Websites, Email, Code Signing)#** Versus complete removal of Whether the root cert certificate should be removed from NSSinstead of unsetting trust bits.
#* Technical assistance may be requested
#* Additional information may be requested of CA and other parties
#* The Mozilla representative must confirm that a qualified representative has approved the change. A qualified representative is either#** The known representative of either the CA , or #** Two Mozilla has either requested or approved staff members, if the changeCA is not in agreement.
# The Mozilla representative will deliver any preliminary decisions
#* It may be necessary to treat the bug as a sensitive security issue and follow the [http://www.mozilla.org/projects/security/security-bugs-policy.html Mozilla Policy for Handling Security Bugs]
# The Mozilla representative whom the bug is assigned to will start a public discussion in the mozilla.dev.security.policy newsgroup.
#* Outline is presented, references to full bug provided
#* Deadline for discussion is set
#* [http://www.mozilla.org/projects/security/security-bugs-policy.html Security-sensitive] requests for root changes would be discussed primarily within the (closed) Mozilla security group. However others could be added to the discussion by explicitly cc-ing them on the bug.
# The Mozilla representative whom the bug is assigned to will summarize the discussion and communicate the decisions in the bug.
#* Decision about which Trust Bits to unset
#* Any other options or actions as decided
