Closed Bug 382578 Opened 18 years ago Closed 16 years ago

CA Cert Policy: Require paperwork as well as electronic information

Categories

(mozilla.org :: Governance, task)

Product:
mozilla.org
Component:
Governance
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: gerv, Assigned: zak)

Details

It has been suggested that CAs should submit some paperwork by postal mail as well as electronically. A formal inclusion request and general details from the CA in question might help Mozilla in the case of legal problems in the future. Apparently Apple and Microsoft do require physical paperwork. Gerv
Agreed! Submission of the general details of the CA and its root certificates, audit reports and additional information should be made by the responsible and authorized person. This information can be evaluated together with the bug request and also cross-verified. Specially also the SHA1 fingerprint the root certificate(s) can be verified in this way.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
Discussion of this sort of thing now happens in mozilla.dev.security.policy, and documents are prepared on the wiki. So this information has been moved to: https://wiki.mozilla.org/CA:Problematic_Practices which seems the right sort of place for it to be if it's going to be taken into account for future policy revisions. There's no good resolution to use; INVALID will have to do. Gerv
You need to log in before you can comment on or make changes to this bug.