Confirmed users, Administrators
5,526
edits
CA:FAQ: Difference between revisions
m
→What is the Mozilla CA Certificate Policy?
| Line 74: | Line 74: | ||
The [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy] is the official Mozilla policy for CA certificates that are distributed with Mozilla software products. This policy consists of three sections: | The [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy] is the official Mozilla policy for CA certificates that are distributed with Mozilla software products. This policy consists of three sections: | ||
# [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html | # [http://www.mozilla.org/projects/security/certs/policy/InclusionPolicy.html Mozilla CA Certificate Inclusion Policy:] This section describes the obligations of Certification Authorities applying for inclusion of their root certificates in Mozilla Products. This includes considerations that are taken into account such as the CA's publicly available documentation about their policies, and audits of the CA's operations in support of the documented policies. | ||
# [http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html | # [http://www.mozilla.org/projects/security/certs/policy/MaintenancePolicy.html Mozilla CA Certificate Maintenance Policy:] This section describes the obligations of Certification Authorities for maintaining confidence in their root certificates that are included in Mozilla Products. This includes regular auditing of the CA's policies and practices; conforming to current CA industry standards and recommended best practices; and making changes to included root certificates. | ||
# [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html | # [http://www.mozilla.org/projects/security/certs/policy/EnforcementPolicy.html Mozilla CA Certificate Enforcement Policy:] This section describes the steps that Mozilla may take in order to enforce this policy. This includes evaluation of security concerns, and removing or disabling a root certificate. | ||
The [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy] applies only to software products distributed by Mozilla, including the Mozilla Foundation and its subsidiaries. Other entities distributing such software are free to adopt their own policies. In particular, under the terms of the relevant Mozilla license(s) distributors of such software are permitted to add or delete CA certificates in the versions that they distribute, and are also permitted to modify the values of the "trust bits" on CA certificates in the default CA certificate set. As with other software modifications, by making such changes a distributor may affect its ability to use Mozilla trademarks in connection with its versions of the software; see the Mozilla trademark policy for more information. | The [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate Policy] applies only to software products distributed by Mozilla, including the Mozilla Foundation and its subsidiaries. Other entities distributing such software are free to adopt their own policies. In particular, under the terms of the relevant Mozilla license(s) distributors of such software are permitted to add or delete CA certificates in the versions that they distribute, and are also permitted to modify the values of the "trust bits" on CA certificates in the default CA certificate set. As with other software modifications, by making such changes a distributor may affect its ability to use Mozilla trademarks in connection with its versions of the software; see the Mozilla trademark policy for more information. | ||