Confirm, administrator
5,526
edits
Changes
Added section about requiring complete (no gaps) audit history
* All documents supplied as evidence must be publicly available.
* Documents purporting to be from the CA's auditor (or other evaluator) should be available directly from the auditor (e.g., as documents downloadable from the auditor's web site).
==== Complete Audit History ====
[https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy#71-inclusions Mozilla's Root Store Policy] states: "Before being included, CAs MUST provide evidence that their CA certificates have continually, from the time of creation, complied with the then-current Mozilla Root Store Policy and Baseline Requirements."
This requirement may be met via one of the following options:
* Providing the sequence of audit statements on the CA's website.
* Attaching the sequence of audit statements to the root inclusion request (Bugzilla Bug).
=== Revocation of Compromised Certificates ===
