m (added item about posting in a security blog about it.) |
m (→Process for Updating the Root Store Policy: Minor) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== Process for Updating the Root Store Policy == | == Process for Updating the Root Store Policy == | ||
The general process that will be followed to update the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla | The general process that will be followed to update the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla Root Store Policy (MRSP)] is as follows. Issues and potential changes will be tracked in the [https://github.com/mozilla/pkipolicy/issues GitHub policy issue tracker]. GitHub issues are only suggestions for changes or improvements to the MRSP. Changes to the MRSP may or may not be made based on issues listed in GitHub. | ||
# A Mozilla representative will bring forward | # Some GitHub issues are [https://github.com/mozilla/pkipolicy/labels labeled] to indicate if they are being considered for an upcoming version of the MRSP. | ||
# Comments to MRSP issues listed in GitHub may be made there. | |||
# A Mozilla representative will bring forward item(s) for discussion in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy Mozilla dev-security-policy (m-d-s-p)] forum. | |||
# There will be a discussion of how, if at all, to modify the policy for the item. | # There will be a discussion of how, if at all, to modify the policy for the item. | ||
# At some point, which may be at the start, a Mozilla representative will draft proposed text. | # At some point, which may be at the start, a Mozilla representative will draft proposed text. | ||
# A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in [https://groups.google.com/a/mozilla.org/g/dev-security-policy | # A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in [https://groups.google.com/a/mozilla.org/g/dev-security-policy m-d-s-p] or in the [https://github.com/mozilla/pkipolicy/issues GitHub issue tracker], or both. | ||
# There will be | # There will be an internal Mozilla legal review of the policy changes. | ||
# The [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md draft policy in Github] will be updated, if required. | # The [https://github.com/mozilla/pkipolicy/blob/master/rootstore/policy.md draft policy in Github] will be updated, if required. | ||
# | # Following discussion and determination of whether to amend the policy to address each issue, it will be closed. | ||
At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance. | At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance. | ||
* A Mozilla representative will post notice in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy | * A Mozilla representative will post notice in the [https://groups.google.com/a/mozilla.org/g/dev-security-policy m-d-s-p] forum and on the [https://groups.google.com/a/ccadb.org/g/public CCADB public discussion list]. | ||
* A Mozilla representative may send [[CA/Communications|email | * A Mozilla representative may send additional [[CA/Communications|email communications to CAs]] to indicate compliance schedules or other matters. | ||
* A Mozilla representative may post in [https://blog.mozilla.org/security/ | * [[CA/Root_Store_Policy_Archive|The Root Store Policy Archive]] also contains helpful implementation guidance. | ||
* A Mozilla representative may also post in [https://blog.mozilla.org/security/2022/05/23/upgrading-mrsp-to-v-2-8/ Mozilla's Security Blog] about the policy update. |
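Review bot: The new last bullet describes something a representative "may also" do for any policy update, but its link points at one dated post (2022/05/23/upgrading-mrsp-to-v-2-8), so the target will not match later versions. Either link the blog's landing page or word the bullet as an example ("as was done for v2.8"). Two smaller points in the same revision: the opening paragraph still links the MRSP over http:// (www.mozilla.org/projects/security/certs/policy/) while every other link in the section uses https://, and "draft policy in Github" differs in casing from the "GitHub" spelling used elsewhere in the section. Numbered items 1 and 2 also state facts about GitHub issues rather than steps, so they may read better in the introductory paragraph than in the numbered process.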