I am leading the effort to create a policy and a process for removing a Certification Authority root certificate from distribution in Mozilla products, and I would greatly appreciate your input and feedback on the following.
Wiki page for ideas about the process and policy: https://wiki.mozilla.org/CA:Root_Removal_Policy_Notes

Adding your input/comments/suggestions directly to the wiki page is greatly appreciated, but please don’t delete anything.

DRAFT text for the Policy: http://www.mozilla.org/projects/security/certs/removal-policy/

Note that I am operating under the assumption that there is currently no way in NSS to mark a root certificate as “untrusted”. Please let me know if this assumption is incorrect.

As you will see in the notes and draft policy, there is consideration for deprecating a root by unsetting the trust bits (websites, email, code), and for completely removing the root certificate from NSS. If it would be reasonable to mark a root cert as “untrusted” in NSS, we could also consider this option... If a root were to be compromised and marked as untrusted, it could be treated as though all of the trust bits are unset, and the user would not be allowed to set any of the trust bits. This would be safer than removing the root from NSS, because it would prevent the user from importing and trusting the root.

I look forward to your constructive input on the creation of this policy and process.

Kathleen

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
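The message compares three ways of handling a root: unsetting its trust bits, deleting it from NSS, and marking it untrusted so the user cannot re-enable it. The following Python model, added here as an illustration and not code from Mozilla or NSS, walks through all three on a constructed root entry and reports whether a user can afterwards re-trust it. It uses certutil's trust-attribute string layout ("CT,C,C": the SSL, S/MIME and object-signing fields, with letters such as C, T, c, P, p and u) as the representation; the in-memory store, the nickname "Example Root CA", and the rule that a user edit is refused once the entry carries the explicit-distrust letter are assumptions made to model the proposal, not NSS behaviour.

```python
"""Model of the three root-handling options from the message, expressed
over certutil-style trust strings. Added illustration only: the RootStore
and its refusal rule are assumptions, not NSS code."""
from dataclasses import dataclass

# certutil field order: SSL server, S/MIME, object signing
USAGES = ("websites", "email", "code")


@dataclass
class TrustEntry:
    nickname: str
    trust: str  # certutil-style "CT,C,C"

    def fields(self) -> dict:
        parts = self.trust.split(",")
        if len(parts) != 3:
            raise ValueError(f"bad trust string {self.trust!r}")
        return dict(zip(USAGES, parts))

    def trusted_for(self, usage: str) -> bool:
        flags = self.fields()[usage]
        if "p" in flags:          # explicitly distrusted wins over any trust letter
            return False
        return "C" in flags or "T" in flags

    def explicitly_distrusted(self) -> bool:
        return any("p" in f for f in self.fields().values())


class RootStore:
    """Assumed in-memory stand-in for the NSS root store."""

    def __init__(self):
        self.roots = {}

    def add(self, nickname: str, trust: str) -> None:
        self.roots[nickname] = TrustEntry(nickname, trust)

    # Option 1: deprecate by unsetting all trust bits (entry stays, ",,")
    def deprecate(self, nickname: str) -> None:
        self.roots[nickname] = TrustEntry(nickname, ",,")

    # Option 2: remove the root entirely
    def remove(self, nickname: str) -> None:
        del self.roots[nickname]

    # Option 3: mark explicitly distrusted ("p" in every field)
    def distrust(self, nickname: str) -> None:
        self.roots[nickname] = TrustEntry(nickname, "p,p,p")

    def user_set_trust(self, nickname: str, trust: str) -> None:
        """A user importing the root or editing its trust bits. Assumed rule:
        refused only when the existing entry is explicitly distrusted."""
        current = self.roots.get(nickname)
        if current is not None and current.explicitly_distrusted():
            raise PermissionError(f"{nickname} is explicitly distrusted")
        self.roots[nickname] = TrustEntry(nickname, trust)

    def validates(self, nickname: str, usage: str) -> bool:
        entry = self.roots.get(nickname)
        return entry is not None and entry.trusted_for(usage)


def compare_options() -> dict:
    """Apply each option to a constructed compromised root, then let a user
    try to re-trust it for all three usages. Returns the outcome per option."""
    results = {}
    for option in ("deprecate", "remove", "distrust"):
        store = RootStore()
        store.add("Example Root CA", "CT,C,C")  # constructed entry
        getattr(store, option)("Example Root CA")
        try:
            store.user_set_trust("Example Root CA", "C,C,C")
            retrusted = True
        except PermissionError:
            retrusted = False
        results[option] = {
            "user_could_retrust": retrusted,
            "validates_websites": store.validates("Example Root CA", "websites"),
        }
    return results


if __name__ == "__main__":
    for option, outcome in compare_options().items():
        print(f"{option:9s} {outcome}")
```

Run as a script it prints that after "deprecate" and "remove" the user can bring the root back into a trusted state, while after "distrust" the re-trust attempt is refused and the root validates nothing, which is the safety argument the message makes for an "untrusted" marking over plain removal.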