Root Store Operators: Why Use the CCADB?
While maintaining an up-to-date root store containing only credible CAs is important and necessary for many organizations to help keep their end users safe, it is usually not done for profit and is not a strategic area for core business. Much of the data that root store operators maintain for their CA programs is common and public data. Participating in the Common CA Database (CCADB) will pave the way for better, more efficient and more cost-effective management of your root store, making the internet safer for everyone.
The CCADB has the following capabilities:
- Automates notification to CAs when updated audit statements are due.
- Enables multiple people to share in the maintenance of the CA and subCA data (CP/CPS links, audit links/dates/auditor qualifications, Points of Contact, etc.)
- Automates sending of communications to CAs and receiving and analyzing their responses.
- Makes it easier to review information and status associated with root inclusion requests.
- Tracks non-technically-constrained intermediate certificates.
- Makes your CA program more transparent.
In the future, the CCADB will:
- Permit a CA to apply to multiple root stores with a single application process.
Root Store Members can:
- Access the CCADB.
- Independently operate and make decisions on root inclusion/change requests, and verify audit data for their root stores.
- Send email to all CAs in their program according to specified criteria.
- Automate sending reminders to CAs about when periodic updates are due.
- Share their findings in verifying data related to root and intermediate certificates; including annual audits, policy documentation, contact information, etc.
- Make root-store-specific customizations to the CCADB (subject to Mozilla’s approval).
- Propose and help design customizations to the CCADB that impact all participants (subject to Mozilla’s approval).
- Share in the cost of maintaining the CCADB.
- Publish data relating to the root certificates included in their programs.
The cost of operating and maintaining the CCADB is shared among the Root Store Members. Mozilla’s goal in sharing the CCADB is to improve the quality of the CA data and help keep end users safe. It is expressly not a goal of Mozilla to make money from sharing the CCADB.
Currently, the following types of costs are shared among Root Store Members:
- Subscription fees and other costs imposed by the underlying CRM (e.g., Community and Enterprise license costs).
- Costs of implementing shared customizations to the interface or data.
- Maintenance costs.
These categories of costs are subject to change.
Interested in becoming a Root Store Member? See how.