CA:Schedule: Difference between revisions
| Line 162: | Line 162: | ||
| |- | |- | ||
| | [http://www.mozilla.org/projects/security/certs/pending/#SITHS SITHS] || [http://bugzilla.mozilla.org/show_bug.cgi?id=792337 792337] || Sweden ||   | | [http://www.mozilla.org/projects/security/certs/pending/#SITHS SITHS] || [http://bugzilla.mozilla.org/show_bug.cgi?id=792337 792337] || Sweden ||   | ||
| |- | |||
| | [http://www.mozilla.org/projects/security/certs/pending/#Disig Disig] || [http://bugzilla.mozilla.org/show_bug.cgi?id=792377 792377] || Slovakia || add to pending | |||
| |- | |- | ||
| |} | |} | ||
Revision as of 22:06, 2 October 2012
Schedule for CA evaluations
Note that this schedule is tentative and may change without warning based on unforeseen circumstances. Nothing in this schedule shall be construed as a commitment by the Mozilla Foundation or the Mozilla project in general.
General timeline
Our process for evaluating CA requests is as follows:
- CAs will be added into the queue for public discussion after they have completed the Information Gathering and Verification phase as described in CA:How_to_apply.
- Prior to entering public discussion we may need to gather further information or an updated audit from the CA; if for some reason we cannot obtain the needed information then the next CA in the queue will be considered for public discussion.
- Once a CA enters the public discussion period a representative of the CA must promptly respond in the discussion to any questions or concerns that are raised. If a CA delays their response for more than one week, then their discussion may be closed.
- During the course of the discussion, we will make a decision as to whether to approve the request.
- If the discussion results in moving forward with approval, then a representative of Mozilla will summarize the request in the bug, and indicate the plan to approve the request. After about one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request. Once a request is approved then a representative of Mozilla will file bug(s) against the appropriate developer(s) to have the necessary changes made to NSS (for CA root inclusion) or PSM (for EV-enabling a CA) or both.
- If a request is not approved due to outstanding issues that need to be addressed (e.g., a need for further information, or concerns about CA practices) then the request will wither be closed, or will be added to the list of CAs responding to the first discussion. A second round of public discussion may be needed after the issues have been resolved.
Once bugs are filed against NSS and/or PSM the schedule is set first by the NSS/PSM developer(s) (for making the technical changes) and then by the product teams for Firefox and other products (to include the new changes in a release of Firefox, etc.) Root certificate changes to NSS/PSM are usually grouped and done as a batch when there is either a large enough set of changes or about every 3 months. When the developer makes the changes, a test build will be provided and the bug will be updated to request that you test it. After the NSS/PSM changes are committed to an NSS release, then a future version of Firefox will include the updated version of NSS/PSM.
Queue for Public Discussion
The following queue indicates the order in which requests will enter public discussion for root inclusion request from CAs who do not currently have a root certificate included in NSS. In general, only one or two of these requests may be in discussion at any given point. The amount of time that each discussion takes varies dramatically depending on the number of reviewers contributing to the discussion, and the types of concerns that are raised. For each discussion, there must be input from at least two people who have reviewed and commented on the request. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
| CA Company Name | Bug ID | Geographic focus | Audit Date yyyy.mm.dd | Status | Notes | 
|---|---|---|---|---|---|
| PROCERT | 593805 | Venezuela | 2011.07.29 | Need response to bug 593805#c72 | Signed by SUSCERTE (bug #489240) | 
| SG Trust Services | 662259 | France | 2011.05.11 | Need response to bug 662259#c63 | |
| D-TRUST | 467891 | Germany | 2012.05.24 | First Discussion started on 9/27 | EV | 
| Atos | 711366 | Europe | 2012.06.06 | In Queue | 
On Hold
The following requests reached the top of the queue, but then got put on hold until further information is supplied.
| CA Company Name | Bug ID | Geographic focus | Audit Date yyyy.mm.dd | Status | Notes | 
|---|---|---|---|---|---|
| FNMT | 435736 | Spain | 2010.08.27 | Need updated info, audit | national government CA | 
Requests from Already Included CAs that are in Discussion
These requests are from CAs that already have roots included in NSS. The requests may be discussed in parallel; the goal is to start each discussion as soon as the information is ready. In general, these requests will remain in discussion for 2 weeks unless further discussion is warranted. To be added to this queue, a request must first achieve the "Information Confirmed Complete" status.
| CA Company Name | Bug ID | Geographic focus | Audit Date yyyy.mm.dd | Status | Notes | 
|---|---|---|---|---|---|
| CNNIC | 607208 | China | 2012.05.31 | Pending Approval | EV | 
| TWCA | 745671 | Taiwan | 2012.03.13 | First discussion started Oct 2 | EV | 
| ANSSI | 693450 | France | 2011.12.15 | First discussion started Oct 2 | Government CA | 
Need to start discussions
These requests can have their discussions started as soon as they respond to the remaining questions in their bug.
| CA Company Name | Bug ID | Geographic focus | Audit Date yyyy.mm.dd | Status | Notes | 
|---|---|---|---|---|---|
| ComSign | 675060 | Israel | 2012.02.07 | Need CPS update, bug 675060#c13 | Current CPS doesn't sufficiently describe verification of email address | 
| Entrust | 694536 | Global | 2012.02.29 | Need test website, bug 694536#c18 | EV | 
CAs Responding to First Discussion
The following list shows the CAs who have gone through the first round of public discussion, and have resulting action items to complete before the second round of public discussion may begin.
| CA Company Name | Bug ID | Geographic focus | Audit Date yyyy.mm.dd | Status | Notes | 
|---|---|---|---|---|---|
| KISA | 335197 | Korea | Need Audit | Responding to First Discussion | need to complete sub-CA review | 
| SSC, Lithuanian National Root | 379152 | Lithuania | 2008.10.30 | Responding to First Discussion | national government CA, Update root roles, CPS, audit | 
| Verizon/CyberTrust | 430698 | global | Need Audit | Responding to First Discussion | EV, no OCSP, has resellers | 
| Swiss BIT | 435026 | Switzerland | Need Audit | Responding to First Discussion | Need new root with clear Issuer info, Update CPS | 
| ICP-Brasil | 438825 | Brazil | Need Audit | Responding to First Discussion | national government CA. Need independent audit for root and sub-CAs | 
| Finnish Population Register | 463989 | Finland | 2008.02.28 | Responding to First Discussion | national government CA. Need audit for SSL and code signing CPS | 
| US FPKI | 478418 | US | 2012.02.28 | Technical Evaluation and Testing | national government CA | 
| NIC | 511380 | India | 2010.02.22 | Responding to First Discussion | Signed by India CCA. Need to update CPS. | 
| E-ME | 518098 | Latvia | 2011.05.02 | Approval Pending Discussion Action Items | bug 518098#c95 | 
| Scientific Trust | 531237 | Austria, Germany, Switzerland | 2009.06.30 | Responding to First Discussion | Need updates to CP/CPS | 
| Symantec/VeriSign | 536318 | Global | 2010.11.30 | Approval pending EV tests | enable EV | 
| Symantec/GeoTrust | 539255 | Global | 2010.11.30 | Responding to First Discussion - SubCA Checklist | EV | 
| Symantec/thawte | 539257 | Global | 2010.11.30 | Approval pending EV tests | enable EV | 
| SafeScrypt | 562763 | India | 2011.06.30 | Need new discussion after CA responds, see bug | Signed by India CCA | 
| SHECA | 566310 | China | 2011.04.30 | Need new discussion after CA responds, see bug | 
Requests in the Information Gathering and Verification Phase
The following CAs are in the Information Gathering and Verification Phase as described in CA:How_to_apply. These requests need to complete the Information Gathering and Verification Phase before they can be put into the queue for public discussion.
| CA Company Name | Bug ID Number | Geographic focus | Notes | 
|---|---|---|---|
| SUSCERTE | 489240 | Venezuela | national government CA, sub-CAs will apply for inclusion | 
| TeliaSonera | 539924 | Nordic Countries | |
| ANF | 555156 | European Union | |
| CCA | 557167 | India | |
| IDRBT | 562764 | India | Signed by India CCA | 
| TCS | 562766 | India | Signed by India CCA, add to pending | 
| MTNL | 562769 | India | Signed by India CCA, add to pending | 
| nCode | 562772 | India | Signed by India CCA, add to pending | 
| eMudhra | 562774 | India | Signed by India CCA, add to pending | 
| Collier | 590593 | US | add to pending | 
| Comodo | 606947 | Global | EV | 
| DigiCert | 617179 | Global | EV, add to pending | 
| Netrust | 632292 | Singapore | |
| Visa | 636557 | Global | |
| EADTrust | 640135 | Spain | add to pending, Regional government CA | 
| PostSignum | 643398 | Czech Republic | National government CA | 
| PSC-FII | 667466 | Venezuela | Signed by SUSCERTE (bug #489240) | 
| Digidentity | 693273 | Netherlands | |
| CATCert | 720326 | Spain | EV | 
| Swisscom | 759732 | Switzerland | EV | 
| SITHS | 792337 | Sweden | |
| Disig | 792377 | Slovakia | add to pending | 
Requests in the Inclusion Phase
The following CAs have been approved and are in the Inclusion Phase as described in CA:How_to_apply.
| CA Company Name | Bug ID | Geographic focus | Notes | 
|---|---|---|---|
| TÜRKTRUST | 433845 | Turkey | EV | 
| StartCom | 602750 | Global | In FF16, need EV | 
| Sertifitseerimiskeskus | 624356 | Estonia | |
| StartCom | 640368 | Global | In FF16, need EV | 
| T-Systems | 669849 | Germany | EV | 
| Buypass | 685128 | Norway | In FF16, need EV |