Version 2.4 of Mozilla’s CA Policy has now been published. This document incorporates by reference the Common CCADB Policy 1.0 and the Mozilla CCADB Policy 1.0, two new documents which govern our use of the Common CA Database which we hope several root programs will use to ease the administration burden.

This seems pretty super-geeky, but having clear, current, enforceable policies regarding the CAs and root certificates in our root program is important for us to continue to be open and transparent about how we run it, and to enable us to continue to drive the security of the web (which depends on the certificate system) in a positive direction.

The policy had not changed for a long time before this update, so this update addressed issues which were uncontroversial and/or urgent. The next job is to rearrange it into a more logical order and then, after that, for version 2.5, we will be looking at some of the more difficult and longer-term policy challenges we face in this space. Here’s the issue tracker if you want to get some idea of what those are. :-)