Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Require more detail in CPSes re: CA ownership and control #237

Open
BenWilson-Mozilla opened this issue Jan 19, 2022 · 1 comment
Open

Require more detail in CPSes re: CA ownership and control #237

BenWilson-Mozilla opened this issue Jan 19, 2022 · 1 comment

Comments

@BenWilson-Mozilla
Copy link
Collaborator

See arguments by Moudrick Dadashov and suggestions made by Peter Bowen in regard to Telia's CA inclusion request. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/52Gfr4dnJD8/m/MhA3ay6XBQAJ

Mozilla's Root Store Policy should be amended to require more disclosure and specificity in the CPS regarding the roles of corporate parents and affiliates and which corporate entities are providing: (1) CA services, (2) RA services, (3) risk management, (4) funding, (5) liability coverage, etc., especially when large corporations are acting as CA operators.
@BenWilson-Mozilla BenWilson-Mozilla added the 2.9 Mozilla Root Store Policy v. 2.9 label Apr 26, 2022
@BenWilson-Mozilla
Copy link
Collaborator Author

Rather than requiring that this information be added in CPSes, we could add such questions to the Value-vs-Risk Justification.

@BenWilson-Mozilla BenWilson-Mozilla removed the 2.9 Mozilla Root Store Policy v. 2.9 label May 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BenWilson-Mozilla