On 24/04/15 08:17, Man Ho (Certizen) wrote:
The term transfer a root certificate is new to me. What are the
rationale of such transferal? Move from one location to another
location, or from one HSM to another HSM? Ownership of the CA had
changed from one organization to another organization?
Kathleen,
I think we need to drill down into what is meant by audit. Also, I don't
think a CA who is under ongoing audit obligations should have a special
audit just for a root transfer. Neither should the current CA that is
operating under audit be required to have a special audit. If two
On 4/23/2015 4:21 PM, Kathleen Wilson wrote:
All,
It has been brought to my attention that we do not have a documented
procedure or policy about how to transfer a root certificate from one CA
to another.
Do we need to add expectations about root cert transfers to Mozilla's CA
On Thursday, December 18, 2014 at 4:19:33 PM UTC-8, Kathleen Wilson wrote:
Certinomis has applied to include the Certinomis - Root CA root
certificate, and enable the Websites trust bit. This SHA-256 root will
eventually replace the Certinomis - Autorité Racine G2 root
certificate that was
On Fri, April 24, 2015 6:34 am, Moudrick M. Dadashov wrote:
Kathleen, wouldn't be it easier to apply the transferred CA the same
requirements as to any other? That means the new CA must have its
operations audited under its ***fully completed transfer*** operations.
The root and all
On 4/24/2015 5:30 PM, Ryan Sleevi wrote:
On Fri, April 24, 2015 6:34 am, Moudrick M. Dadashov wrote:
Kathleen, wouldn't be it easier to apply the transferred CA the same
requirements as to any other? That means the new CA must have its
operations audited under its ***fully completed
On Fri, April 24, 2015 8:20 am, David E. Ross wrote:
2. If the new owner is a certification authority whose root
certificates already exist in the NSS database, that root will continued
to be considered trusted. However, trust bits and EV status of the
transferred root cannot exceed the
On 4/24/2015 8:58 AM, Ryan Sleevi wrote [in part]:
On Fri, April 24, 2015 8:20 am, I previously wrote [also in part]:
2. If the new owner is a certification authority whose root
certificates already exist in the NSS database, that root will continued
to be considered trusted. However,
On Fri, April 24, 2015 7:52 pm, David E. Ross wrote:
If a root has already been added to the NSS database, we must assume
that it has undergone the Mozilla process for that inclusion. The
process involves looking not only at the root but also at the
certification authority; at least that
On 2015-04-24 01:21, Kathleen Wilson wrote:
4) Before the new CA begins issuing certs in the transferred CA cert
hierarchy, there should be an audit performed at the new CA's site to
confirm that the transfer was successful and that the root cert is ready
to resume issuance.
Would this be a
10 matches
Mail list logo