github.com/mozilla/pkipolicy issues | Ecosyste.ms: OpenCollective

Change Intermediate CA to Subordinate CA

BenWilson-Mozilla opened this issue about 2 months ago

Adopt policy that encourages automation for certificate issuance and renewal

BenWilson-Mozilla opened this issue 3 months ago

Consider requiring MarkDown for CPs and CPSes

BenWilson-Mozilla opened this issue 4 months ago

Add P-521 as currently supported

BenWilson-Mozilla opened this issue 6 months ago

OCSP response issuance latency for certificates/pre-certificates

BenWilson-Mozilla opened this issue 6 months ago

TLS-specific and S/MIME-specific Root CAs

BenWilson-Mozilla opened this issue 6 months ago

Add Linting Requirements

BenWilson-Mozilla opened this issue 7 months ago

删除 bjca 根证书

superarts opened this issue 7 months ago

Address Delayed Revocation

BenWilson-Mozilla opened this issue 7 months ago

Emphasize period-of-time key lifecycle management in MRSP § 3.1.3

BenWilson-Mozilla opened this issue about 1 year ago

Initial Incident Report Timeframe

BenWilson-Mozilla opened this issue over 1 year ago

Clarify sentence prohibiting blank sections that also contain no Subsections in CPs and CPSes

BenWilson-Mozilla opened this issue almost 2 years ago

Consider replacing "CA operator" with "CA owner"

BenWilson-Mozilla opened this issue almost 2 years ago

Consider Requiring Logging in Certificate Transparency

BenWilson-Mozilla opened this issue over 2 years ago

Clarify OCSP/CRL Availability Requirements

wthayer opened this issue over 4 years ago

Update CCADB Policy section 4 to match v2.5 of Mozilla Root Store Policy

WilsonKathleen opened this issue over 7 years ago

For new inclusions, require all existing unexpired unrevoked certs in hierarchy to be BR compliant

gerv opened this issue over 7 years ago

Require CAs to support problem reports via email

gerv opened this issue over 7 years ago

Consider moving root store to independent releases, new format

gerv opened this issue over 7 years ago

Fix rules for name constraints

gerv opened this issue over 7 years ago

Require CAs to reject keys in certs which are revoked for keyCompromise

gerv opened this issue over 7 years ago

Confusion about Last sentence of item 3 of Section 2.2 of Mozilla Root Store Policy

WilsonKathleen opened this issue over 7 years ago

CCADB Policy: Update Section 4 to recognize constraints at the root cert level

WilsonKathleen opened this issue over 7 years ago

Consider sunsetting domain name ownership validations not done by 10-Blessed-Method-compatible means

gerv opened this issue over 7 years ago

Policy 2.5 phase in period for Technical constraints for S/MIME CAs

dougbeattie opened this issue over 7 years ago

Update URL to list of included roots

koenrh opened this pull request over 7 years ago

Clarify requirement for full annual period-of-time audits

WilsonKathleen opened this issue over 7 years ago

Consider ban on using same key in multiple root/intermediate certificates

gerv opened this issue over 7 years ago

Re-check the new auditor related verbiage in version 2.5 re rejecting an auditor

WilsonKathleen opened this issue over 7 years ago

Change approach for defining misissuance to "enumerating goodness"

gerv opened this issue over 7 years ago

Evaluate pzb's "General WebPKI requirements" to see if any of it should be in our policy

gerv opened this issue over 7 years ago

Update links in section 7.2

WilsonKathleen opened this issue over 7 years ago

Build on BRs to specify larger sample sizes for sampling audits for TCSCs

gerv opened this issue over 7 years ago

Update URL for Common CCADB Policy

gerv opened this issue over 7 years ago

Update policies allowed/required for ETSI audits

WilsonKathleen opened this issue over 7 years ago

Issue 57 - Incorporate Root Transfer Policy

gerv opened this pull request over 7 years ago

Add anyEKU to scope

gerv opened this issue over 7 years ago

Update Section 3.1.3 - Audit Information

WilsonKathleen opened this issue over 7 years ago

Indicate direction of travel with respect to permitted domain validation methods

gerv opened this issue over 7 years ago

Add definition of "mis-issuance"?

gerv opened this issue over 7 years ago

Section 5.3.1 and root certs with only the Email trust bit set

WilsonKathleen opened this issue over 7 years ago

Kathleen's review of version 2.4.1

WilsonKathleen opened this issue over 7 years ago

Require disclosure of all CA certificates issued by an unconstrained CA

gerv opened this issue over 7 years ago

Make it clear that Mozilla policy has wider scope than the BRs

gerv opened this issue over 7 years ago

Consider merging Mozilla CCADB policy into main Root Store policy

gerv opened this issue almost 8 years ago

Require all CAs to meet appropriate Network Security guidelines

gerv opened this issue almost 8 years ago

Fix definition of constraints for id-kp-emailProtection

gerv opened this issue almost 8 years ago

Better rules about what do when audits are qualified

gerv opened this issue almost 8 years ago

Specify an explicit grace period for Sub-CA disclosure

AGWA opened this issue almost 8 years ago

Add any additional requirements for audit cover letters

gerv opened this issue almost 8 years ago

Add requirement to increment version number of CP/CPS when reviewing

gerv opened this issue almost 8 years ago

Following m.d.s.policy is now a program requirement

gerv opened this issue almost 8 years ago

Require qualified auditors unless agreed in advance

gerv opened this issue almost 8 years ago

CCADB Policy section 3 - update to reflect Audit Cases

WilsonKathleen opened this issue almost 8 years ago

Clarify "certificate signing requests" language to make clear includes all requests for certs

gerv opened this issue almost 8 years ago

Clarify requirement for multi-factor auth

gerv opened this issue almost 8 years ago

"domain" and "domain name"

paulehoffman opened this issue almost 8 years ago

Add Requirements about what an Audit Statement must include

WilsonKathleen opened this issue almost 8 years ago

Incorporate Root Transfer Policy

gerv opened this issue almost 8 years ago

Add "non-exempt" to requirement about revoked intermediate certs

WilsonKathleen opened this issue almost 8 years ago

Reorganize policy and publish version 2.4.1

gerv opened this issue almost 8 years ago

Update CCADB and Mozilla policy version numbers to 1.0

gerv opened this issue almost 8 years ago

First version of CCADB policies and associated Root Store policy updates

gerv opened this pull request almost 8 years ago

Renumber sections to remove any gaps or duplicates

gerv opened this issue almost 8 years ago

Issue #7

gerv opened this pull request almost 8 years ago

Require public audit report documents to list roots and intermediates covered by audit

gerv opened this issue almost 8 years ago

Issue 27

gerv opened this pull request almost 8 years ago

Define how quickly CAs must report revocation of intermediate cert

WilsonKathleen opened this issue almost 8 years ago

Replace explicit HTML anchors with proper markdown for IDs

gerv opened this issue about 8 years ago

See if parts of wiki page CA:BaselineRequirements need to be directly in CA Policy

WilsonKathleen opened this issue about 8 years ago

Add requirement for CAs to meet the CIS controls

WilsonKathleen opened this issue about 8 years ago

New version of WebTrust BR Criteria -- v2.2

WilsonKathleen opened this issue about 8 years ago

Require CAs to operate in accordance with their CPs and CPSes

gerv opened this issue about 8 years ago

Consider restricting government roots to that country's TLD(s)

gerv opened this issue about 8 years ago

Make clear that duplicate serial numbers are OK when supporting CT

gerv opened this issue about 8 years ago

Replace all occurrences of 'CA' with "Certification Authority' when that is the intended meaning

WilsonKathleen opened this issue about 8 years ago

Policy about non-sequential audits

gerv opened this issue about 8 years ago

Specify allowed encoding of RSA PKCS#1 1.5 parameters

briansmith opened this issue about 8 years ago

Specify allowed PSS parameters

briansmith opened this issue about 8 years ago

Decide how policy applies to certs under TCSCs

gerv opened this issue about 8 years ago

Add CC-0 license to policy

gerv opened this issue about 8 years ago

Clearly define policy scope

gerv opened this issue about 8 years ago

Decide when to phase out old ETSI standards

gerv opened this issue about 8 years ago

Solve the problem of audits for new subCAs

gerv opened this issue about 8 years ago

Write CCADB (Salesforce) Policy

gerv opened this issue about 8 years ago

Update version number of Baseline Requirements

gerv opened this issue about 8 years ago

Update version number of EV Guidelines

gerv opened this issue about 8 years ago

Require that audit reports disclose all root and intermediate certificates in scope

gerv opened this issue about 8 years ago

Use language of capability throughout

gerv opened this issue about 8 years ago

Require separate intermediates for different usages (e.g. server auth, S/MIME)

gerv opened this issue about 8 years ago

Implement "proper" SHA-1 ban

gerv opened this issue about 8 years ago

Require Governmental audit equivalencies to include BRs

gerv opened this issue about 8 years ago

Require Government CAs to be 3rd party-audited, or constrained

gerv opened this issue about 8 years ago

Reduce maximum lifetime of OCSP responses

gerv opened this issue about 8 years ago

Require all OCSP responses to have a nextUpdate field

gerv opened this issue about 8 years ago

Require OCSP responses to be signed by certs with lifetime longer than response

gerv opened this issue about 8 years ago

Define actions or practices that bar a company from being a trusted CA

gerv opened this issue about 8 years ago

Clarify/enforce that syntactically valid certificates are a requirement

gerv opened this issue about 8 years ago

Clarify requirements for reporting of security failures/policy violations

gerv opened this issue about 8 years ago

Make it more clear which audit requirements apply to S/MIME

gerv opened this issue about 8 years ago