Potential New Process: * Add a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * Probably the best way to do this is to create a new Audit Case type called "Create Root Certificate Record" * This would essentially be an Audit Case with the added ability to add new root certificates. * Require CA to complete the "Create Root Certificate Record" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Bug 1737866 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Potential New Process: * Add a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * Probably the best way to do this is to create a new Audit Case type called "Create Root Certificate Record" * This would essentially be an Audit Case with the added ability to add new root certificates. * Require CA to complete the "Create Root Certificate Record" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. ** Could have a parent Case for a common root inclusion request. And have a child Case for each root store applying to. ** What happens when the CA wants to include 2 roots in Apple's root store, and 1 root in Mozilla's roots store? * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Potential New Process: * Add a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * Probably the best way to do this is to create a new Audit Case type called "Create Root Certificate Record" * This would essentially be an Audit Case with the added ability to add new root certificates. * Require CA to complete the "Create Root Certificate Record" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request The following needs to be discussed more. e.g. What happens when the CA wants to request 2 roots included in Apple, 3 roots included in Microsoft, and 1 included in Mozilla? * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Potential New Process: * Add a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * Probably the best way to do this is to create a new Audit Case type called "Create Root Certificate Record" * This would essentially be an Audit Case with the added ability to add new root certificates. * Require CA to complete the "Create Root Certificate Record" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request The following needs to be discussed more. e.g. What happens when the CA wants to request 2 roots included in Apple, 3 roots included in Microsoft, and 1 included in Mozilla? * Could have one Root Inclusion Case which has a tab for each root store. Within each tab, the CA can indicate which root certificates and trust bits / EKUs they want to apply to the root store for. OR * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Add Root Certificate: * Create a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * New Audit Case type called "Add Root Certificate" * This would be an Audit Case with another tab for adding new root certificates to the CCADB. * Require CA to complete the "Add Root Certificate" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request The following needs to be discussed more. e.g. What happens when the CA wants to request 2 roots included in Apple, 3 roots included in Microsoft, and 1 included in Mozilla? * Could have one Root Inclusion Case which has a tab for each root store. Within each tab, the CA can indicate which root certificates and trust bits / EKUs they want to apply to the root store for. OR * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Add Root Certificate: * Create a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * New Audit Case type called "Add Root Certificate" * This would be an Audit Case with an additional tab: ADD ROOT * Require CA to complete the "Add Root Certificate" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Root Inclusion Case will also list the latest Audit Case for each root cert in the request The following needs to be discussed more. e.g. What happens when the CA wants to request 2 roots included in Apple, 3 roots included in Microsoft, and 1 included in Mozilla? * Could have one Root Inclusion Case which has a tab for each root store. Within each tab, the CA can indicate which root certificates and trust bits / EKUs they want to apply to the root store for. OR * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases
Add Root Certificate: * Create a separate process for CAs to add new root certificate records to the CCADB, before creating a root inclusion request. * New Audit Case type called "Create Root Record" * This would essentially be an Audit Case with an additional tab: ADD ROOT * Require CA to complete the "Create Root Record" Case before creating a corresponding Root Inclusion Request * Root Inclusion Request will display information directly from the CA Owner and Root Cert records (not copied, and not editable via root inclusion case) * Option to Discuss: Root Inclusion Case could also list the latest Audit Case for each root cert in the request The following needs to be discussed more. e.g. What happens when the CA wants to request 2 roots included in Apple, 3 roots included in Microsoft, and 1 included in Mozilla? * Could have one Root Inclusion Case which has a tab for each root store. Within each tab, the CA can indicate which root certificates and trust bits / EKUs they want to apply to the root store for. OR * Upon creation of Root Inclusion Request, have a checkbox for CA to select each root store that they are applying to. * Upon submit create one Root Inclusion Request case per root store applying to. * Common information should go into Audit, Information Update, and "Create Root Certificate Record" cases. * Only root store specific information should go into the Root Inclusion Request cases * we’ll need to review/discuss this as we design the new root inclusion cases