On Tuesday, March 22, 2016 at 3:03:44 PM UTC-7, Kathleen Wilson wrote: > The following 'ACTION #7' has been added to the communication, which is here: > https://wiki.mozilla.org/CA:Communications#March_2016 > and click on "Link to DRAFT of March 2016 CA Communication". > > ~~ > ACTION #7: Finally, please check the 'Owner' column in the spreadsheet of CA > Certificates Included in Mozilla's Program to ensure that the current Owner > of your CA is correctly represented. You may also view this information via > Mozilla's CA Community in Salesforce by viewing the CA Owner record for your > CA. > > If the information needs to be updated, please provide the date when the > change in ownership took place, as well as the following information: CA > Owner Name, Company Website, CA Email Alias, Organizational Type, Geographic > Focus, and Primary Market / Customer Base. Also review Mozilla's Root > Transfer Policy and provide additional information such as updated CP/CPS and > audit statements as appropriate. > ~~
All, It has been brought to my attention that 'CA Owner' is somewhat ambiguous, and I'm not sure how to fix that. For 'CA Owner' I've always just tried to use the name by which the CA is most commonly known. I have never tracked who the major investors are for CAs, and I don't think I should start tracking that information. Maybe instead of specifically asking CAs to check the 'Owner' column in the spreadsheet, I should make sure they are aware of the Root Transfer policy? https://wiki.mozilla.org/CA:RootTransferPolicy So, how about if I change ACTION #7 to the following? ~~ ACTION #7: Finally, please review Mozilla's Root Transfer Policy and provide the relevant information if there has been a Change in Legal Ownership, Physical Relocation of your included root certificates, or the operation of your PKI has been transferred to a different organization resulting in new policies. ~~ Thanks, Kathleen _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
