Confirm, administrator
5,526
edits
Changes
cleanup
# A representative of Mozilla [[CA/Application_Verification#Information_Verification|verifies the information provided by the CA]].
# A representative of Mozilla [[CA/Dashboard#Ready_for_Public_Discussion|adds the request to the queue for public discussion.]]
# Anyone interested in the CA's application participates in discussions of CA requests further up [[CA/Dashboard#In_Public_Discussion|currently in discussion]] in the queue[https://www.mozilla.org/en-US/about/forums/#dev-security-policy mozilla.dev.security.policy forum].# When the application reaches the head of the queue, a representative of Mozilla starts the [[CA/Application_Verification#Public_discussion|public discussion]] for the CA in the [https://groupswww.googlemozilla.comorg/en-US/about/forumforums/#!forum/dev-security-policy mozilla.dev.security.policy public discussionforum] for that particular CA.
#* We prefer that at least two independent parties review and comment upon each application.
# A representative of the CA responds to questions and concerns posted during the public discussion of the CA's request.
#* This is the last call for objection. After one week, if no further questions or concerns are raised, then the representative of Mozilla may approve the request, by stating so in the bug.
# A representative of Mozilla creates a bug requesting the actual changes in NSS (and PSM for EV treatment).
#* A representative of the CA confirms that all the data in the NSS bug is correct.#* A representative of Mozilla creates a patch with the new CA certificates and trust bit settings, and provides a special test version of Firefox. #* Changes to NSS regarding CA certificate applications are usually grouped and done as a batch when there is either a large set of changes or about every 3 months.#* A representative of the CA uses [[CA/Application_Instructions#Test|tests the code changes]] using the test version of Firefox to confirm and confirms (by adding a comment in the NSS bug) that the correct certificate(s) is included and that the trust bits are correctly set.#* A representative of Mozilla requests that another Mozilla representative review the patch.#* A representative of Mozilla adds (commits) the patch to NSS, then closes the NSS bug as RESOLVED FIXED.
# Mozilla products move to using a version of NSS which contains the certificate changes. This process is mostly under the control of the release drivers for those products. See [https://wiki.mozilla.org/RapidRelease/Calendar Mozilla's Release Calendar.]
# After inclusion of the CA's root certificate, a representative of Mozilla issues a [http://ccadb.org/ Common CA Database (CCADB)] license to the [[CA/Information_Checklist#CA_Primary_Point_of_Contact_.28POC.29|Primary Point of Contact ]] for the CA.
# The CA enters data into the CCADB for:
#* All of the certificates that are capable of being used to issue new certificates, and which directly or transitively chain to their root certificate(s) included in Mozilla’s Root Store that are not technically constrained as described in section 5.3 of [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy].
