CA:RootTransferPolicy: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "{{DRAFT}} Under discussion in mozilla.dev.security.policy The purpose of this page is to document Mozilla’s expectations when the ownership of an included root certificate...")
 
(Eliminate page; content has moved)
 
(41 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DRAFT}} Under discussion in mozilla.dev.security.policy
This policy is now part of the main [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla Root Store Policy] (section 8).
 
The purpose of this page is to document Mozilla’s expectations when the ownership of an included root certificate changes, the organization operating the PKI changes, and/or the private keys of the root certificate are transferred to a new location. Throughout such a change, the operation of the root certificate’s private keys and certificate issuance must continue to meet the requirements of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla’s CA Certificate Policy].
 
There are different ways the ownership of a root certificate may change, which may include one or more of the following.
* Legal ownership transfer, such as when one company buys another.
** This does not necessarily imply that there will be a change in operation of the root certificates.
* Physical relocation of the private keys. Circumstances may include one of the following.
** CA relocates their private keys to another location owned by that CA.
** CA1 transfers the private keys to CA2, where CA2 already has other root certificates included in Mozilla’s program.
** CA1 transfers the private keys to CA3, where CA3 does not have root certificates included in Mozilla’s program.
* Personnel changes, which may include one or more of the following.
** Operation of the PKI is transferred to a different organization who is already operating root certificates included in Mozilla’s program.
** Operation of the PKI is transferred to a different organization who does not currently operate a root certificate included in Mozilla’s program.
** The organization operating the PKI remains the same, but is transferred to a different company or owner.

Latest revision as of 15:48, 23 June 2017

This policy is now part of the main Mozilla Root Store Policy (section 8).

Retrieved from "https://wiki.mozilla.org/index.php?title=CA:RootTransferPolicy&oldid=1174519"