All,
I have reviewed the open issues in the mozilla/pkipolicy repository and identified a set of items to address in the next version (v. 3.1) of the Mozilla Root Store Policy (MRSP). These are currently labeled for the upcoming update:
https://github.com/mozilla/pkipolicy/issues?q=is%3Aissue%20state%3Aopen%20label%3A3.1
The current set of issues proposed for inclusion in v. 3.1 is:

| Issue # | Description |
|---|---|
| #298 | Clarify MRSP 7.1 audit requirements for inclusion requests |
| #297 | Update version number references for audit criteria |
| #296 | Add possibility of requesting a Detailed Controls Report as MRSP 3.1.5 |
| #295 | Revise Item 1 in MRSP 3.3 |
| #294 | Require Root CA Key Generation within Last 5 Years |
| #293 | Remove redundancy between MRSP and CCADB Policy and BRs |
| #292 | Refine what a "timely manner" means in MRSP 7.3 |
| #291 | Clarify MRSP 8.1 re: CA Acquisitions |
| #282 | Consider requiring Markdown/AsciiDoc for CPs and CPSes |

Rather than addressing each issue independently, I plan to organize discussion into four (4) themed threads by grouping related issues together, to keep conversations focused and productive, in the following order:
1. CP/CPS Documentation Requirements
(#295, #282)
Focus: sufficiency of disclosure, incorporation by reference, and documentation format.
2. Audits, Assurance, and Root Inclusion Requirements
(#296, #297, #298, #294)
Focus: audit expectations, Detailed Controls Reports (DCRs), and requirements tied to root inclusion (including root key age).
3. CA Operational Reporting and Policy Alignment
(#292, #293)
Focus: timeliness of updates, and alignment with CCADB Policy and CA/Browser Forum requirements.
4. Governance and CA Ownership Changes
(#291)
Focus: evaluation of CA acquisitions and changes in control.
If there are additional issues that should be included, or if any of the above should be re-scoped or reprioritized, please respond here.
Thanks,
Ben
Mozilla Root Program