All,
There are currently 59 issues listed in GitHub related to the Mozilla Root Store Policy (MRSP) (https://github.com/mozilla/pkipolicy/issues). Below is a list of 11 items that I have flagged to consider addressing in the next version (2.9) of the MRSP, which I'd like to finalize in the next two months. They are tagged with a "2.9" label in GitHub (https://github.com/mozilla/pkipolicy/labels/2.9).
I will appreciate your input on this list. Are there MRSP issues in GitHub that should be added, removed, or re-prioritized?
Please respond here on the dev-security-policy list (MDSP) with general comments or with pointers to the issue as it appears on GitHub.
Based on the list, I will start a separate discussion thread on MDSP for each issue.
FWIW, I also created draft language in GitHub for these v.2.9 issues (links below). Before I post the notice of each separate discussion on MDSP, if you would like to begin in-depth, substantive discussions on the resolution of these issues, you can do so on GitHub. In other words, feel free to discuss these issues on GitHub until we launch a specific discussion here on this list--which will be done with a subject line of, e.g., "Policy 2.9: MRSP Issue #123", etc.
#123 - Annual Compliance Self Assessment
#232 - Add policy about old root certificates
#239 - Audit Statement Content
#250 - Clarify MRSP 5.3.2 to expressly include revoked CA certificates
#252 - Add Requirements for Reporting CA Security Incidents
#254 - Harmonize CRL Reason Codes with CA/B Forum Revocation Reasons
#258 - SMIME Baseline Requirements
#261 - Merge 5 and 5.1 in Section 2.1
#263 - Clarify sentence prohibiting blank sections that also contain no Subsections in CPs and CPSes
#266 - Update 2.4 Incidents to reference https://www.ccadb.org/cas/incident-report
#267 - Update WebTrust and ETSI audit criteria to current versions and identifiers
Thanks,
Ben Wilson
Mozilla Root Store