Confirmed users, Administrators
5,526
edits
CA/Certificate Change Process: Difference between revisions
CA/Certificate Change Process (view source)
Revision as of 23:47, 14 November 2022
, 14 November 2022Changed Bugzilla Product from NSS to CA Program per Bugzilla Bug #1799573
m (Protected "CA/Certificate Change Process" ([Edit=Allow confirmed users only] (indefinite) [Move=Allow confirmed users only] (indefinite))) |
(Changed Bugzilla Product from NSS to CA Program per Bugzilla Bug #1799573) |
||
| Line 13: | Line 13: | ||
== Security Compromise == | == Security Compromise == | ||
When a serious security concern is noticed, such as a root compromise, it should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product= | When a serious security concern is noticed, such as a root compromise, it should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product=CA%20Program&component=CA%20Certificate%20Compliance&groups=crypto-core-security secure bug should be filed in Bugzilla]. | ||
To report a concern about certificates being issued by a CA in Mozilla's Program: | To report a concern about certificates being issued by a CA in Mozilla's Program: | ||
* https://bugzilla.mozilla.org/enter_bug.cgi?product= | * https://bugzilla.mozilla.org/enter_bug.cgi?product=CA%20Program&component=CA%20Certificate%20Compliance&version=other | ||
Open CA Mis-Issuance bugs: https://wiki.mozilla.org/CA/Incident_Dashboard | Open CA Mis-Issuance bugs: https://wiki.mozilla.org/CA/Incident_Dashboard | ||
| Line 66: | Line 66: | ||
* No recent audit | * No recent audit | ||
'''Important:''' Root changes that are motivated by a serious security concern such as a root compromise should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product= | '''Important:''' Root changes that are motivated by a serious security concern such as a root compromise should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product=CA%20Program&component=CA%20Certificate%20Compliance&groups=crypto-core-security secure bug filed in Bugzilla]. | ||
The process for removing or disabling a root in NSS is as follows: | The process for removing or disabling a root in NSS is as follows: | ||
# Initiate the request: | # Initiate the request: | ||
#* [https://bugzilla.mozilla.org/enter_bug.cgi?&component=CA%20Certificate%20Root%20Program&product= | #* [https://bugzilla.mozilla.org/enter_bug.cgi?&component=CA%20Certificate%20Root%20Program&product=CA%20Program&bug_severity=enhancement&short_desc=Add%20%5Byour%20CA%27s%20name%5D%20root%20certificate%28s%29 File a bug in Bugzilla] with the following information: | ||
#** Product: | #** Product: CA Program | ||
#** Component: CA Certificate Root Program | #** Component: CA Certificate Root Program | ||
#** Summary should be one of: | #** Summary should be one of: | ||