CA:Schedule: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Turn into a redirect)
 
(35 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Schedule for CA evaluations =
#REDIRECT [[CA/Dashboard]]
 
''Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.''
 
== General timeline ==
 
Our process for evaluating CA requests is as follows:
# CAs will be added into the queue for public discussion after they have completed the Information Gathering and Verification phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.]
# Prior to entering public discussion we may need to gather further information or an updated audit from the CA; if for some reason we cannot obtain the needed information then the next CA in the queue will be considered for public discussion.
# Once a CA enters the public discussion period a representative of the CA must promptly respond in the discussion to any questions or concerns that are raised. If a CA delays their response for more than one week, then their discussion may be closed.
# During the course of the discussion, we will make a decision as to whether to approve the request.
# If the discussion results in moving forward with approval, then a representative of Mozilla will summarize the request in the bug, and indicate the plan to approve the request. After about one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request. Once a request is approved then a representative of Mozilla will file bug(s) against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
# A discussion may be put on hold, pending a CA action item, such that the discussion may continue as soon as the CA has provided the requested information.
# If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will wither be closed, or will be added to the [[CA:Schedule#CAs_Responding_to_First_Discussion | list of CAs responding to the first discussion.]] A second round of public discussion may be needed after the issues have been resolved.
 
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) Root certificate changes to NSS/PSM are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the developer makes the changes, a test build will be provided and the bug will be updated to request that you test it. After the NSS/PSM changes are committed to an NSS release, then a future version of Firefox will include the updated version of NSS/PSM.
 
== Queue for Public Discussion==
 
The following queue indicates the order in which requests will enter [https://wiki.mozilla.org/CA:How_to_apply#Public_discussion public discussion] for root inclusion request from CAs who do not
currently have a root certificate included in NSS. In general, only one or two of these requests may be in discussion at any given point. The amount of time that each discussion takes varies dramatically depending
on the number of reviewers contributing to the discussion, and the types of concerns that are raised. For each discussion, there must be input from at least two people who have reviewed and commented on the request.
To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [[CA:PendingCAs|GDCA]] || {{Bug|1128392}} || China || 2016.04.15 || [https://groups.google.com/d/msg/mozilla.dev.security.policy/kB2JrygK7Vk/b_22zTwIBAAJ Started Discussion] on August 3 ||EV
|-
| [[CA:PendingCAs|LuxTrust]] || {{Bug|944783}} || Luxembourg || 2016.07.26 || Recommended approval on September 28 || EV
|-
| [[CA:PendingCAs|OATI]] || {{Bug|848766}} || US || 2015.01.02 || certlint errors - {{Bug|848766#c33}} ||
|-
| [[CA:PendingCAs|MULTICERT]] || {{Bug|1040072}} || Portugal || 2016.04.01 || Ready for Discussion ||
|-
| [[CA:PendingCAs|TrustCor]] || {{Bug|1231853}} || Canada, Global || 2015.12.01 || Ready for Discussion ||
|-
| [[CA:PendingCAs|Government of Tunisia]] || {{Bug|1233645}} || Tunisia || 2015.11.30 || Ready for Discussion ||
|-
| [[CA:PendingCAs|SSL.com]] || {{Bug|1277336}} || USA, Global || Re-tested when test tool is available ||
|-
| - || - || - || - || - ||
|-
|}
 
=== Requests from Already Included CAs that are in or Ready for Discussion ===
These requests are from CAs that already have roots included in NSS. The requests may be discussed in parallel; the goal is to start each discussion as soon as the information is ready. In general, these
requests will remain in discussion for 2 weeks unless further discussion is warranted. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [[CA:PendingCAs|Taiwan GRCA]] || {{Bug|1065896}} || Taiwan || 2016.06.29 || Started [https://groups.google.com/d/msg/mozilla.dev.security.policy/eFG27ZTYWD8/WleX5FSHEQAJ Discussion] on September 16 || constrain to *.tw
|-
| [[CA:PendingCAs|Symantec]] || {{Bug|833986}} || Global || 2016.05.03 || Ready for discussion || Symantec-brand Class 1 and Class 2 roots
|-
| [[CA:PendingCAs|EDICOM]] || {{Bug|1239329}} || European Union || 2015.11.03 || Ready for discussion ||
|-
| [[CA:PendingCAs|D-Trust]] || {{Bug|1166723}} || Germany, Europe, Global || 2015.11.12 || Ready for discussion || email trust bit only
|-
| [[CA:PendingCAs|Kamu SM - Government of Turkey]] || {{Bug|1262809}} || Turkey || 2015.12.28 || Ready for discussion
|-
| [[CA:PendingCAs|Dhimyotis / Certigna]] || {{Bug|1265683}} || France, Europe || 2016.02.15 || Ready for discussion
|-
| - || - || - || - || - ||
|-
| - || - || - || - || - ||
|-
|}
 
== Discussions On Hold==
The following list shows the CA inclusion/update requests that are in [https://wiki.mozilla.org/CA:How_to_apply#Public_discussion public discussion], but are waiting for the CA to provide additional or updated information that was asked for during the discussion, such as updating or translating the CP/CPS, or completing a more current or full audit. The discussion may continue as soon as the CA provides the additional or updated information.
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Waiting For...
|-
| [[CA:PendingCAs|SSC, Lithuanian National Root]] || {{Bug|379152}} || Lithuania || 2015.06.30 || [https://groups.google.com/d/msg/mozilla.dev.security.policy/7TK_uN7HkjA/PZKgP6D0CgAJ Discussion] on Hold || [https://groups.google.com/d/msg/mozilla.dev.security.policy/W0st0yN9bTM/BuUwdGIlHAAJ Waiting for updated CPS]
|-
| [[CA:PendingCAs|ComSign]] || {{Bug|675060}} || Israel || 2015.04.26 || [https://groups.google.com/d/msg/mozilla.dev.security.policy/uTBDhqO_IB0/YD5DI7v9AQAJ Discussion] on Hold || Waiting for [https://groups.google.com/d/msg/mozilla.dev.security.policy/uTBDhqO_IB0/-99Y4DnyCQAJ updated CPS].
|-
| [[CA:PendingCAs|A-Trust]] || {{Bug|1092963}} || Austria || 2015.06.26 || [https://groups.google.com/d/msg/mozilla.dev.security.policy/Q1beEDFdzxg/M0NAuKf_AAAJ Discussion] on Hold || EV, Waiting for [https://groups.google.com/d/msg/mozilla.dev.security.policy/Q1beEDFdzxg/BktS5UibCAAJ translated CP and CPS]
|-
| [[CA:PendingCAs|GPKI]] || {{Bug|870185}} || Japan || 2015.12.25 || [https://groups.google.com/d/msg/mozilla.dev.security.policy/Mezqdljjerc/Es8eFqTDCgAJ Discussion] on Hold || Constrain to *.go.jp domain. Need updated CP/CPS, BR audit
|-
| - || - || - || - || - ||
|-
|}
 
== CAs Responding to First Discussion ==
 
The following list shows the CAs who have gone through the first round of public discussion, and have resulting action items to complete before the second round of public discussion may begin.
 
{|
|-
! CA Company Name  || Bug ID || Geographic focus || Audit Date yyyy.mm.dd || Status || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#KISA KISA] || [http://bugzilla.mozilla.org/show_bug.cgi?id=335197 335197] || Korea || Need Audit  || [https://wiki.mozilla.org/CA:SubordinateCA_checklist#Super-CAs Super-CA] || [https://wiki.mozilla.org/CA:SubordinateCA_checklist#Super-CAs Super-CA] -- Sub-CAs should apply for inclusion separately
|-
| [http://www.mozilla.org/projects/security/certs/pending/#ICP-Brasil ICP-Brasil] || [http://bugzilla.mozilla.org/show_bug.cgi?id=438825 438825] || Brazil || Need Audit || [https://wiki.mozilla.org/CA:SubordinateCA_checklist#Super-CAs Super-CA] || [https://wiki.mozilla.org/CA:SubordinateCA_checklist#Super-CAs Super-CA] -- Sub-CAs should apply for inclusion separately
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Finnish%20Population%20Register Finnish Population Register] || [http://bugzilla.mozilla.org/show_bug.cgi?id=463989 463989] || Finland || 2008.02.28 || Responding to First Discussion || national government CA. Need audit for SSL and code signing CPS
|-
| [http://www.mozilla.org/projects/security/certs/pending/#US%20FPKI US FPKI]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=478418 478418] || US || 2012.02.28 || Technical Evaluation and Testing || *.gov, *.mil
|-
| [http://www.mozilla.org/projects/security/certs/pending/#E-ME  E-ME] || [http://bugzilla.mozilla.org/show_bug.cgi?id=518098 518098] || Latvia || 2011.05.02 || Approval Pending Discussion Action Items || {{bug|518098#c95}}
|-
| [[CA:PendingCAs|ANF]] || {{Bug|555156}} || European Union || 2015.01.26 || Need CA Response {{bug|555156#90}} || EV, certlint errors - {{Bug|555156#c91}}
|-
| [http://www.mozilla.org/projects/security/certs/pending/ CSOEC] || [http://bugzilla.mozilla.org/show_bug.cgi?id=844163 844163] || France || 2012.11.26 || On Hold || Primary Point of Contact (POC) and relevance concerns ||
|-
|}
 
== Requests in the Information Gathering and Verification Phase ==
 
The following CAs are in the Information Gathering and Verification Phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.] These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.
{|
|-
! CA Company Name || Bug ID Number || Geographic focus || Notes
|-
| [http://www.mozilla.org/projects/security/certs/pending/#Swiss%20BIT Swiss BIT]  || [http://bugzilla.mozilla.org/show_bug.cgi?id=435026 435026] || Switzerland || New root, new CPS
|-
| [[CA:PendingCAs|SUSCERTE]] || {{Bug|489240}} ||  Venezuela || [https://wiki.mozilla.org/CA:SubordinateCA_checklist#Super-CAs Super-CA] -- Sub-CAs should apply for inclusion separately
|-
| [[CA:PendingCAs|SHECA]] || {{Bug|566310}} || China ||
|-
| [[CA:PendingCAs|Visa]]|| {{Bug|636557}} || Global ||
|-
| [[CA:PendingCAs|PSC-FII]] || {{Bug|667466}} || Venezuela || Signed by SUSCERTE (bug #489240)
|-
| [[CA:PendingCAs|Symantec/Thawte]] || {{Bug|833998}} || Global || EV for included ECC root
|-
| [[CA:PendingCAs|Symantec/GeoTrust]] || {{Bug|834004}} || Global || EV for included ECC root
|-
| [[CA:PendingCAs|AC Camerfirma]] || {{Bug|986854}} || Spain || EV, add to pending
|-
| [[CA:PendingCAs|LAWtrust]] || {{Bug|1023726}} || South Africa ||
|-
| [[CA:PendingCAs|TMCA]] || {{Bug|1090014}} || Malaysia ||
|-
| Symantec || {{Bug|1099311}} || Global || Symantec-brand Class 3 roots, add to pending
|-
| [[CA:PendingCAs|Firmaprofesional]] || {{Bug|1102143}} || Spain || EV
|-
| [[CA:PendingCAs|SwissSign]] || {{Bug|1142323}} || Switzerland || EV
|-
| [[CA:PendingCAs|WoSign]] || {{Bug|1156175}} || China || EV
|-
| [[CA:PendingCAs|DigiCert]] || {{Bug|1165472}} || Global || EV
|-
| [[CA:PendingCAs|HydrantID]] || {{Bug|1173547}} || United States || EV
|-
| [[CA:PendingCAs|Exdemsys]] || {{Bug|1194577}} || Portugal || add to pending
|-
| [[CA:PendingCAs|Systems Authority Institute / CaseLaw]] || {{Bug|1201916}} || Philippines || add to pending
|-
| [[CA:PendingCAs|Government of Korea MOI]] || {{Bug|1226100}} || Korea ||
|-
| [[CA:PendingCAs|Government of Kazakhstan]] || {{Bug|1232689}} || Kazakhstan ||
|-
 
|}
 
== Requests in the Inclusion Phase ==
 
The following CAs have been approved and are in the Inclusion Phase as described in [https://wiki.mozilla.org/CA:How_to_apply CA:How_to_apply.]
 
{|
|-
! CA Company Name || Bug ID || Geographic focus || Notes
|-
| [[CA:PendingCAs|FNMT]]|| {{Bug|435736}} || Spain || Revoked intermediate certs in {{Bug|1263949}} must be added to OneCRL upon inclusion of this root.
|-
| [[CA:PendingCAs|Symantec/VeriSign]] || {{Bug|833974}} || Global || EV for included ECC root, 2 EV OIDs
|-
| [[CA:PendingCAs|DocuSign]] || {{Bug|1025095}} || France || EV
|-
| [[CA:PendingCAs|Amazon]] || {{Bug|1172401}} || Global || EV
|-
| [[CA:PendingCAs|ISRG]] || {{Bug|1204656}} || Global ||
|-
 
|}
 
== Roots Being Removed ==
Upcoming Root Cert Removals:
* https://mozillacaprogram.secure.force.com/CA/UpcomingRootRemovalsReport
Certs that have been Removed:
* https://wiki.mozilla.org/CA:RemovedCAcerts
 
== Included CAs ==
Spreadsheet of all included root certificates:
* https://wiki.mozilla.org/CA:IncludedCAs

Latest revision as of 08:37, 5 May 2017

Redirect to:

Retrieved from "https://wiki.mozilla.org/index.php?title=CA:Schedule&oldid=1170368"