Confirm, administrator
5,526
edits
Changes
Added Bugzilla Component for Common CA Database (CCADB)
** Requests to [https://www.ccadb.org/cas/intermediates#marking-an-intermediate-certificate-as-revoked add certs to OneCRL].
* [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificates%20Code&product=NSS NSS :: CA Certificates Code] - For actual code changes to NSS. Kathleen should be the only person filing these bugs on behalf of the CA Program.
* [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=Common%20CA%20Database&product=NSS NSS :: Common CA Database] - For requesting updates to the [https://www.ccadb.org/ Common CA Database (CCADB)].
The CA Certificate Program deviates from Mozilla's standardized [[Bugmasters/Process/Triage|Bugzilla Bug Triage]] process by not using bug priorities (P1, P2, P3, or P5), because [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&component=CA%20Certificate%20Root%20Program&product=NSS CA Certificate Root Program bugs] do not directly include code changes to Mozilla's [[RapidRelease/Calendar|release trains]] or iterations.
To report a concern about certificates being issued by a CA in Mozilla's Program, or their audit statements:
* https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance
* [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&query_format=advanced&component=CA%20Certificate%20Compliance&product=NSS&status_whiteboard_type=allwordssubstr&status_whiteboard=covid-19 [covid-19]] -- appended after [ca-compliance], [audit-delay], or [delayed-revocation-ca] when delays are due to mandated restrictions regarding COVID-19.
A representative of a CA may begin the process of root inclusion, change, or ev-enablement by filing a Bugzilla Bug as described here:
* https://wiki.mozilla.org/CA/Application_Process
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&product=NSS&component=CA%20Certificate%20Root%20Program&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&resolution=WORKSFORME&resolution=INCOMPLETE&resolution=SUPPORT&resolution=EXPIRED&resolution=MOVED&longdesc_type=allwordssubstr&longdesc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-denied&keywords_type=allwords&keywords=&bug_id=&bug_id_type=anyexact&votes=&votes_type=greaterthaneq&emailtype1=substring&email1=&emailtype2=substring&email2=&emailtype3=substring&email3=&chfieldvalue=&chfieldfrom=&chfieldto=Now&j_top=AND&f1=noop&o1=noop&v1= [ca-denied]] -- request was denied. Under normal circumstances the CA may submit a new root inclusion request for a new root certificate that fully complies with Mozilla's Root Store policy.
* [https://bugzilla.mozilla.org/buglist.cgi?&query_format=advanced&component=CA%20Certificate%20Root%20Program&product=NSS&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-audit [ca-audits]] -- One bug may be created per CA to store audit statements or CP/CPS documents.
** [https://bugzilla.mozilla.org/enter_bug.cgi?alias=&assigned_to=kwilson@mozilla.com&blocked=&bug_file_loc=http%3A%2F%2F&bug_severity=enhancement&bug_status=NEW&component=CA%20Certificate%20Root%20Program&product=NSS Link to create ca-audit bug]
** Close bug as RESOLVED | WORKSFORME
* [https://bugzilla.mozilla.org/buglist.cgi?resolution=---&query_format=advanced&query_format=advanced&component=CA%20Certificate%20Root%20Program&product=NSS&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-program [ca-program]] -- bugs related to CA Program process, wiki pages, or policy. Note that most [https://github.com/mozilla/pkipolicy/issues CA Program Policy issues] are tracked on Github.
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&status_whiteboard_type=allwordssubstr&status_whiteboard=ca-onecrl [ca-onecrl]] -- bugs related to updating entries in OneCRL. Under normal circumstances a Bugzilla Bug is not needed for this. Rather, the CA should [http://ccadb.org/cas/intermediates report the revocation via the Common CA Database].
* [https://bugzilla.mozilla.org/buglist.cgi?short_desc=CCADB%20entries%20generated&short_desc_type=allwordssubstr OneCRL Entries Generated] -- bugs for verifying OneCRL entries before they are pushed to production. These bugs are automatically generated from CCADB for standard revocations of intermediate certificates that are reported by CAs. Otherwise these bugs are generated by manually running the tools for specially requested additions to OneCRL.
=Common CA Database (CCADB)=
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&status_whiteboard_type=allwordssubstr&status_whiteboard=ccadb-bug [ccadb-bug]] -- for issues or problems using the CCADB.
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&status_whiteboard_type=allwordssubstr&status_whiteboard=ccadb-enhancement [ccadb-enhancement]] -- for requesting minor updates to the CCADB, such as adding sections or fields to pages for root store members.
* [https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&query_format=advanced&status_whiteboard_type=allwordssubstr&status_whiteboard=ccadb-roadmap [ccadb-roadmap]] -- for tracking large updates to the CCADB, which are prioritized by the CCADB Council in the CCADB Roadmap.
