Confirmed users, Administrators
5,526
edits
CA/Communications: Difference between revisions
m
→February 17, 2012
| Line 23: | Line 23: | ||
* c) We are reviewing all of our subCAs and will take the necessary action by <date>. | * c) We are reviewing all of our subCAs and will take the necessary action by <date>. | ||
* d) We have revoked such subCA certificates, and here is the requested information. | * d) We have revoked such subCA certificates, and here is the requested information. | ||
* e) Externally operated subCAs are publicly disclosed to Mozilla, audited by a competent party (per Mozilla’s CA Certificate Policy) whose audit result has been publicly disclosed to Mozilla, and technically and/or contractually restricted to issue certificates in full compliance with the Mozilla CA Certificate Policy. SubCAs are specifically not allowed to use their subordinate certificates for the purpose of MITM. ''(Note: This option was added after the communication was sent.)'' | |||
2) If you issue subordinate CAs to third parties or your CP/CPS permits you to do so in the future, please add a statement to your CP/CPS committing that you will not issue a subordinate certificate that can be used for MITM or “traffic management” of domain names or IPs that the certificate holder does not legitimately own or control. Send me the URL to the updated document(s) and the impacted sections or page numbers. | 2) If you issue subordinate CAs to third parties or your CP/CPS permits you to do so in the future, please add a statement to your CP/CPS committing that you will not issue a subordinate certificate that can be used for MITM or “traffic management” of domain names or IPs that the certificate holder does not legitimately own or control. Send me the URL to the updated document(s) and the impacted sections or page numbers. | ||