MRSP 3.1: MRSP Publication and Guidance

77 views
Skip to first unread message

Ben Wilson

unread,
Jun 29, 2026, 8:15:42 AMJun 29
to dev-secur...@mozilla.org

All,

Version 3.1 of the Mozilla Root Store Policy (MRSP) is now published. It has an effective date of July 1, 2026.

This policy update focuses primarily on improving the transparency, clarity, and auditability of CA operations through enhanced CP/CPS Documentation requirements and the introduction of a Detailed Controls Report (DCR) audit requirement, both starting July 1, 2027. Additional background is available in the accompanying Mozilla Security Blog post - Improving Transparency and Assurance in the Web PKI.

Mozilla has also published the following four new guidance documents under a new Documentation section of the CA wiki.

These guidance documents are intended to help CA operators understand Mozilla's expectations regarding CP/CPS documentation and DCRs. They provide explanatory material, examples, and frequently asked questions to support consistent implementation of the new policy requirements. We are also preparing a white paper that will provide additional background and implementation guidance regarding DCRs. We expect to publish it separately once it is complete.

Mozilla encourages CA operators to begin reviewing the new policy (tracked changes) and accompanying guidance.

As always, questions and feedback are welcome.

Thanks again to everyone who provided comments to help improve MRSP v3.1 during this process.

Ben Wilson

Mozilla Root Store Program


Reply all
Reply to author
Forward
0 new messages