CA/Updating Root Store Policy: Difference between revisions
(Minor fixes) |
m (→Process for Updating the Root Store Policy: Minor) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== Process for Updating the Root Store Policy == | == Process for Updating the Root Store Policy == | ||
The general process that will be followed to update the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla | The general process that will be followed to update the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla Root Store Policy (MRSP)] is as follows. Issues and potential changes will be tracked in the [https://github.com/mozilla/pkipolicy/issues GitHub policy issue tracker]. GitHub issues are only suggestions for changes or improvements to the MRSP. Changes to the MRSP may or may not be made based on issues listed in GitHub. | ||
# A Mozilla representative will bring forward | # Some GitHub issues are [https://github.com/mozilla/pkipolicy/labels labeled] to indicate if they are being considered for an upcoming version of the MRSP. | ||
# Comments to MRSP issues listed in GitHub may be made there. | |||
# A Mozilla representative will bring forward item(s) for discussion in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy Mozilla dev-security-policy (m-d-s-p)] forum. | |||
# There will be a discussion of how, if at all, to modify the policy for the item. | # There will be a discussion of how, if at all, to modify the policy for the item. | ||
# At some point, which may be at the start, a Mozilla representative will draft proposed text. | # At some point, which may be at the start, a Mozilla representative will draft proposed text. | ||
# A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in [https://groups.google.com/ | # A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in [https://groups.google.com/a/mozilla.org/g/dev-security-policy m-d-s-p] or in the [https://github.com/mozilla/pkipolicy/issues GitHub issue tracker], or both. | ||
# There will be an internal Mozilla legal review of the policy changes. | |||
# The [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md draft policy in Github] will be updated, if required. | # The [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md draft policy in Github] will be updated, if required. | ||
# | # Following discussion and determination of whether to amend the policy to address each issue, it will be closed. | ||
At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance. | At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance. | ||
* A Mozilla representative will post notice in the [https://groups.google.com/ | * A Mozilla representative will post notice in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy m-d-s-p] forum and on the [https://groups.google.com/a/ccadb.org/g/public CCADB public discussion list]. | ||
* A Mozilla representative | * A Mozilla representative may send additional [[CA/Communications|email communications to CAs]] to indicate compliance schedules or other matters. | ||
* [[CA/Root_Store_Policy_Archive|The Root Store Policy Archive]] also contains helpful implementation guidance. | |||
* A Mozilla representative may also post in [https://blog.mozilla.org/security/2022/05/23/upgrading-mrsp-to-v-2-8/ Mozilla's Security Blog] about the policy update. |
Latest revision as of 20:56, 8 November 2022
Process for Updating the Root Store Policy
The general process that will be followed to update the Mozilla Root Store Policy (MRSP) is as follows. Issues and potential changes will be tracked in the GitHub policy issue tracker. GitHub issues are only suggestions for changes or improvements to the MRSP. Changes to the MRSP may or may not be made based on issues listed in GitHub.
1. Some GitHub issues are labeled to indicate if they are being considered for an upcoming version of the MRSP.
2. Comments on MRSP issues listed in GitHub may be made there.
3. A Mozilla representative will bring forward item(s) for discussion in the Mozilla dev-security-policy (m-d-s-p) forum.
4. There will be a discussion of how, if at all, to modify the policy for the item.
5. At some point, which may be at the start, a Mozilla representative will draft proposed text.
6. A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in m-d-s-p or in the GitHub issue tracker, or both.
7. There will be an internal Mozilla legal review of the policy changes.
8. The draft policy in GitHub will be updated, if required.
9. Following discussion and determination of whether to amend the policy to address each issue, the issue will be closed.
At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance.
- A Mozilla representative will post notice in the m-d-s-p forum and on the CCADB public discussion list.
- A Mozilla representative may send additional email communications to CAs to indicate compliance schedules or other matters.
- The Root Store Policy Archive also contains helpful implementation guidance.
- A Mozilla representative may also post in Mozilla's Security Blog about the policy update.