Confirmed users, Administrators
5,526
edits
CA/Information Checklist: Difference between revisions
updated links - continuated
(Updated template and example) |
(updated links - continuated) |
||
| Line 201: | Line 201: | ||
#*** [[CA/Required_or_Recommended_Practices#Verifying_Domain_Name_Ownership|Recommended Practices for Verifying Domain Name Ownership]] | #*** [[CA/Required_or_Recommended_Practices#Verifying_Domain_Name_Ownership|Recommended Practices for Verifying Domain Name Ownership]] | ||
#** If a challenge-response mechanism via email is used to confirm the ownership/control of the domain name, then provide the list of email addresses that are used for verification. | #** If a challenge-response mechanism via email is used to confirm the ownership/control of the domain name, then provide the list of email addresses that are used for verification. | ||
#*** [[CA | #*** [[CA/Forbidden_or_Problematic_Practices#Non-Standard_Email_Address_Prefixes_for_Domain_Ownership_Validation | Potentially Problematic Practices in regards to Email Address Prefixes]] -- The list that the CA uses must either match or be a subset of the list in this wiki page. | ||
#** Confirm that you have automatic blocks in place for high-profile domain names (including those targeted in the DigiNotar and Comodo attacks in 2011). | #** Confirm that you have automatic blocks in place for high-profile domain names (including those targeted in the DigiNotar and Comodo attacks in 2011). | ||
#*** Specify the procedure for additional verification of a certificate request that is blocked. | #*** Specify the procedure for additional verification of a certificate request that is blocked. | ||
| Line 211: | Line 211: | ||
#* If you are requesting to enable the Email (S/MIME) trust bit... | #* If you are requesting to enable the Email (S/MIME) trust bit... | ||
#** URLs and section/page number information pointing directly to the sections of the CP/CPS documents that describe the procedures for verifying that the email address to be included in the certificate is owned/controlled by the certificate subscriber. | #** URLs and section/page number information pointing directly to the sections of the CP/CPS documents that describe the procedures for verifying that the email address to be included in the certificate is owned/controlled by the certificate subscriber. | ||
#** [[CA | #** [[CA/Required_or_Recommended_Practices#Verifying_Email_Address_Control | Recommended Practices for Verifying Email Address]] | ||
#*** Note that per the Mozilla policy this verification must be done ''in addition to'' any verification of the subscriber’s legal identity. | #*** Note that per the Mozilla policy this verification must be done ''in addition to'' any verification of the subscriber’s legal identity. | ||
#** If subscriber identity verification is performed, then provide URLs and section/page number information pointing directly to the sections of the CP/CPS documents that describe the procedures for verifying the identity and authority of the certificate subscriber. | #** If subscriber identity verification is performed, then provide URLs and section/page number information pointing directly to the sections of the CP/CPS documents that describe the procedures for verifying the identity and authority of the certificate subscriber. | ||
| Line 232: | Line 232: | ||
== Baseline Requirements Self Assessement == | == Baseline Requirements Self Assessement == | ||
If you are requesting the Websites (TLS/SSL) trust bit for your root certificate, then you must perform a [[CA | If you are requesting the Websites (TLS/SSL) trust bit for your root certificate, then you must perform a [[CA/BR_Self-Assessment|BR Self Assessment]] to ensure that your CP and CPS documents and your practices comply with the [https://cabforum.org/baseline-requirements-documents/ CA/Browser Forums' Baseline Requirements] (BRs). | ||
* [[CA | * [[CA/BR_Self-Assessment|BR Self Assessment]] | ||
== Response to Mozilla's CA Required or Recommended Practices == | == Response to Mozilla's CA Required or Recommended Practices == | ||
Review Mozilla's [[CA | Review Mozilla's [[CA/Required_or_Recommended_Practices | Required or Recommended Practices]] If your practices differ from any of these recommended practices, then describe those differences and explain how the concern(s) are addressed. | ||
* [[CA | * [[CA/Required_or_Recommended_Practices | CA Recommended Practices]] | ||
== Response to Mozilla's list of Forbidden or Problematic Practices == | == Response to Mozilla's list of Forbidden or Problematic Practices == | ||
Review Mozilla's list of [[CA | Review Mozilla's list of [[CA/Forbidden_or_Problematic_Practices | Forbidden or Problematic Practices.]] For each one, state if it is or is not applicable. For the ones that are applicable, provide URLs and section/page number information pointing directly to the sections of the CP/CPS documents that are relevant, and explain how you address the concern(s). | ||
* [[CA | * [[CA/Forbidden_or_Problematic_Practices | Forbidden or Problematic Practices]] | ||