CA/Updating Root Store Policy

Process for Updating the Root Store Policy

The general process that will be followed to update the Mozilla Root Store Policy (MRSP) is as follows. Issues and potential changes will be tracked in the GitHub policy issue tracker. GitHub issues are only suggestions for changes or improvements to the MRSP. Changes to the MRSP may or may not be made based on issues listed in GitHub.

1. Some GitHub issues are labeled to indicate if they are being considered for an upcoming version of the MRSP.
2. Comments to MRSP issues listed in GitHub may be made there.
3. A Mozilla representative will bring forward item(s) for discussion in the Mozilla dev-security-policy (m-d-s-p) forum.
4. There will be a discussion of how, if at all, to modify the policy for the item.
5. At some point, which may be at the start, a Mozilla representative will draft proposed text.
6. A Mozilla representative will summarize a consensus that has been reached, and/or state the official position of Mozilla in either the discussion in m-d-s-p or in the GitHub issue tracker, or both.
7. There will be an internal Mozilla legal review of the policy changes.
8. The draft policy in Github will be updated, if required.
9. Following discussion and determination of whether to amend the policy to address each issue, it will be closed.

At intervals, a new policy version will be released based on the current draft, along with a timeline for compliance.

• A Mozilla representative will post notice in the m-d-s-p forum and on the CCADB public discussion list.
• A Mozilla representative may send additional email communications to CAs to indicate compliance schedules or other matters.
• The Root Store Policy Archive also contains helpful implementation guidance.
• A Mozilla representative may also post in Mozilla's Security Blog about the policy update.