Require CAs to operate in accordance with their CPs and CPSes #43

Closed
gerv opened this issue Nov 28, 2016 · 0 comments

gerv commented Nov 28, 2016

Mozilla policy requires that certificates issued in contravention of a CA's CP/CPS should be revoked. Other than that, Mozilla policy does not directly require that a CA operate in accordance with its CP and CPS. We require this indirectly because the audits that we require, require it. This perhaps surprising omission was brought to light by the Let's Encrypt blocklist incident. Discussion:
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/_pSjsrZrTWY

The proposal is to have Mozilla policy directly require that CAs operate in accordance with the appropriate CP/CPS for the root(s) in our store on an ongoing basis.

@gerv gerv added this to the 2.5 milestone Apr 4, 2017
@gerv gerv closed this as completed in 83fb029 May 19, 2017