Confirm, administrator
5,526
edits
Changes
minor updates
Mozilla's efforts to maintain confidence in root certificates include:
# Carefully reviewing [[CA/Application_Process|CA applications for root inclusion]].
#* A Mozilla representative reviews relevant [https://wiki.mozilla.org/CA/Incident_Dashboard incident reports] and the CA’s responses
#* A Mozilla representative checks the CA's CP/CPS documentation for
#** compliance with [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ Mozilla's Root Store Policy,]
#** compliance with [https://wiki.mozilla.org/CA/Required_or_Recommended_Practices Mozilla's Recommended Required Practices] (if issues are noted, they are discussed to determine of the CA takes appropriate measures to protect end-users), and#** avoidance of [https://wiki.mozilla.org/CA/Forbidden_or_Problematic_Practices Mozilla's list of Potentially Problematic Forbidden Practices] (if found, further questions and discussion follow to evaluate if the CA's measures are sufficient to protect end-users).
#* A Mozilla representative confirms that the CA has been audited as per [https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#31-audits Mozilla's Root Store Policy.]
# Keeping a record of current audit statements for each CA.
