Changes

Jump to: navigation, search

CA

85 bytes removed, 19:32, 10 October 2012
CA-related Documents
== CA-related Documents ==
'''Note: This page and related pages contain unofficial documents related to Mozilla and Certification Authorities, including draft policies, notes, and related information.''' The www.mozilla.org site contains all official CA-related Mozilla documents, including the [http://www.mozilla.org/projects/security/certs/policy/ Mozilla CA Certificate === Policy], the list of [http://www.mozilla.org/projects/security/certs/pending/ pending CA requests], and the list of [http://www.mozilla.org/projects/security/certs/included/ included Included CAs].===
=== Useful Information for CAs ===
* [http://www.mozilla.org/projects/security/certs/policy/ Mozilla's CA Certificate Policy]
** [[CA:Terminology | Terminology]]
 *[[CA:CertPolicyUpdates|Updating Mozilla CA Certificate Policy:]] Working document to identify things to discuss in regards to updating the Mozilla CA Certificate Policy.* [[CA:MD5and1024|Dates for Phasing out MD5-based signatures and 1024-bit moduli]] * [http://spreadsheets.google.com/pub?key=ttwCVzDVuWzZYaDosdU6e3w&single=true&gid=0&output=html List Spreadsheet of all included root certificates]* [[NSS:Release_Versions | NSS:Release_Versions]] -- Mapping of Root Cert Inclusion Bugs to Mozilla Product Releases* [http://www.mozilla.org/projects/security/certs/pending/ Pending CA requests]* [http://www.mozilla.org/projects/security/certs/included/ Companies and certificates included in the Mozilla project Root CA store after March 1st, 2007] and the information that was considered during the inclusion process. === CA Communications === * [[CA:Communications | Communications sent to CAs]] === How to Apply for Root Inclusion or Changes === 
* [[CA:How_to_apply|A guide for CAs]] wishing to apply for inclusion of their root CA certificates.
*[[CA:Root_Change_Process|Root Change Process]]. This wiki page describes how to change a root certificate that is currently included in NSS. This includes the process for disabling or removing a root certificate from NSS.* [[CA:Information_checklist|Checklist of CA information]] required to process a CA's application** [[CA:Recommended_Practices|Recommended practices for CAs]] wishing to have their root CA certificates included in Mozilla products** [[CA:Problematic_Practices|Potentially problematic CA practices]]. This discusses CA practices that are not explicitly forbidden by the Mozilla CA policy, and do not necessarily pose security issues, but that some people have expressed concerns about and that may cause delays in evaluating and approving CA applications. Some of these practices may be addressed in future versions of the Mozilla CA policy.** [[CA:Schedule|Queue for Public Discussion]] of CA evaluations
* [[CA:Recommendations_for_Roots|Technical recommendations for root certificates]]. This is a very first-cut attempt to outline what root certificates should contain, based on the relevant RFCs as supplemented by existing practices.
* [[CA:SubordinateCA_checklist|Checklist for Subordinate CAs and CSPs]] Information needed when subordinate CAs are operated by third parties.
 === How To ... === * [[CAPSM:Root_Change_ProcessEV_Testing_Easy_Version |Root Change ProcessEV Testing in Firefox:]]. This wiki page describes Explains how to change a root you can test that your CA certificate (that you want to enable for EV) and your OCSP infrastructure is currently included in working correctly according to the expectations of Mozilla, Firefox, the NSS. This includes library, and conforms to the process for disabling or removing a root certificate from SSL protocol specifications (as interpreted by Mozilla/NSSsoftware).
** [[CA:EV_Revocation_Checking|EV certificates and revocation checking]]. This discusses how revocation checking via OCSP or CRLs affects the UI treatment of EV certificates.
* [[CA:Glossary|Glossary of CA- and Mozilla-related terms]]. Useful for following Mozilla CA-related discussions.
* [[CA:Certificate Download Specification|Certificate download specification]]. This document describes the data formats used by Mozilla products for installing certificates.
* [[CA:UserCertDB|User Root Certificate Settings]]. This wiki page describes how to override the default root settings in Mozilla products.
* [[CA:UserCertDB|User Root Certificate Settings]]. This wiki page describes how to override the default root settings in Mozilla products.
* [[CA:MD5and1024|Dates for Phasing out MD5-based signatures and 1024-bit moduli]]
* [[CA:CertPolicyUpdates|Updating Mozilla CA Certificate Policy:]] Working document to identify things to discuss in regards to updating the Mozilla CA Certificate Policy.
* [[PSM:EV_Testing_Easy_Version | EV Testing in Firefox:]] Explains how you can test that your CA certificate (that you want to enable for EV) and your OCSP infrastructure is working correctly according to the expectations of Mozilla, Firefox, the NSS library, and conforms to the SSL protocol specifications (as interpreted by Mozilla/NSS software).
* [[NSS:Release_Versions | NSS:Release_Versions]] -- Mapping of Root Cert Inclusion Bugs to Mozilla Product Releases
* [[CA:Communications | Communications sent to CAs]]
* [[NSS:BurnDownList | SSL Burn Down List]] -- collecting/prioritizing bugs
* [[CA:OCSP-HardFail | OCSP Hard Fail]] -- What needs to be done before we can set OCSP to hard fail by default?
* [[CA:CAInclusionProcessIssues | Sandbox for identifying and resolving issues with the CA Inclusion Process]]
=== Discussion forums ===
* [[CA:Tentative_approval_post_template|Tentative approval (newsgroup post)]]
* [[CA:Inclusion_template|Inclusion in NSS]]
 
=== Drafts or Works in Progress ===
 
* [[NSS:BurnDownList | SSL Burn Down List]] -- collecting/prioritizing bugs
* [[CA:OCSP-HardFail | OCSP Hard Fail]] -- What needs to be done before we can set OCSP to hard fail by default?
* [[CA:CAInclusionProcessIssues | Sandbox for identifying and resolving issues with the CA Inclusion Process]]
=== Obsolete ===
Confirm, administrator
5,526
edits

Navigation menu