Discussion Period: Ballot SC-089: Mass Revocation Planning
Ben Wilson
SC-089: Mass Revocation Planning
Purpose of Ballot
This ballot proposes the addition of a new subsection, Section 5.7.1.2 – Mass Revocation Planning, to the Baseline Requirements for the Issuance and Management of Publicly‐Trusted TLS Server Certificates. Its purpose is to require that Certification Authorities (CAs) develop, maintain, and annually test a Mass Revocation Plan as part of their overall business continuity strategy. This is already a requirement of the Mozilla Root Program.
Mass revocation events—situations where a large proportion of a CA's certificates must be revoked within a short period of time—pose significant risks to the stability, reliability, and trustworthiness of the Web PKI. In recent years, such events have revealed operational challenges in CA readiness, communication with affected parties, and the timely replacement of revoked certificates. A well-prepared and well-tested plan is essential to minimizing disruption to subscribers and relying parties, as well as to maintaining the integrity of the public trust ecosystem.
This amendment sets forth minimum requirements for Mass Revocation Plans, including activation criteria, defined roles and responsibilities, mechanisms for subscriber communication, documentation of processes, and expectations for regular testing. It also requires that, as of December 1, 2025, CAs assert in their CPSes that they maintain such a plan and incorporate lessons learned from testing to continually improve their preparedness.
The goal of this ballot is to improve transparency, auditability, and operational resilience across all publicly-trusted, TLS-issuing CAs, while aligning expectations with existing root program policies and auditor feedback.
The following motion has been proposed by Ben Wilson (Mozilla) and endorsed by Enrico Entschew (D-Trust) and Pedro Fuentes (OISTE).
Motion Begins
MODIFY the "Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates" ("TLS Baseline Requirements") based on Version 2.1.5 as specified in the following redline:
Motion Ends
This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:
Discussion (at least 7 days)
- Start time: July 7, 2025 23:00 UTC
- End time: on or after July 14, 2025 23:00 UTC
Vote for approval (7 days)
- Start time: TBD but no sooner than July 14, 2025 23:00 UTC
- End time: TBD