Google's S/Mime trusted list Inclusion

[Francisco Marques]

Hello All,

My name is Francisco Marques and I'm speaking on behalf of DigitalSign.

DigitalSign is a European eIDAS QTSP, which currently already has 2 root CAs included in Mozilla trusted list.

The reason I'm opening this chat is due to the fact that DigitalSign s trying to apply for the inclusion of its issuing CAs into the trusted store for Gmail S/MIME (the end user certificates are S/MIME certificates used for digital signature and email signature).

Additional info: https://support.google.com/a/answer/7448393

Unfortunately, we are unable to proceed due to contact absence and lack of reply on the general contacts.

Since there's no specific channel for this subject, we will be grateful for any help/information anyone can give/share with us.

Thank you very much!

Best regards,

Francisco Marques, speaking on behalf of DigitalSign.

[Ryan Dickson]

Hi Francisco,

We've engaged with our colleagues who manage the set of CA certificates trusted by Gmail for S/MIME on your behalf. 

Someone should reach out to you shortly.

Thanks,

Ryan

--
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/ee34eaf3-1184-496b-9583-ad059f4554dfn%40ccadb.org.

[Antti Backman]

Hi,

We're experiencing similar challengies, so would it be possible to have the same help for us also, thanks

Antti Backman, on behalf of Telia Company.

[dr. Szőke Sándor]

Hi,

 

we would need the same contact information too.

 

Microsec is already included on the trusted CA list for S/MIME with one Root certificate, but we set up a new ECC based hierarchy in 2017, and we would like to finish the transition to this hierarchy.

 

We tried to contact Google in March but we had no success.

 

Sándor

To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/4706a25b-c55f-403c-ac48-d5ef191cdea5n%40ccadb.org.

[Ryan Dickson]

Hi all,

We're still working with our colleagues within Google to identify an appropriate POC to help with these requests.

We appreciate your continued patience and will follow up as soon as possible.

- Ryan

[Francisco Marques]

Hi Ryan,

DigitalSign thanks you for the efforts on helping us on this subject.

We will wait for additional information.

Best regards,

Francisco Marques.

[Ryan Dickson]

Hi all,

Following-up: The Gmail Team is planning an update to this page to help better answer the community's questions and help action CA inclusion requests.

In the interim, they created this form to allow interested parties to connect with members of the Gmail Team.

We've also directly shared the list of POCs who expressed interest in S/MIME for Gmail 1) on this thread and 2) at the recent CA/Browser Forum Face-to-Face. I encourage all interested parties to respond to the form, regardless of whether they've previously expressed interest. 

Thank you for your patience!

- Ryan

[e-commerce monitoring (Trust2Go)]

Hi all,

Is there any update?

For us It's been 3 years since we contacted gmail the first time.
Best,
Daniel
GLOBALTRUST

[Rob Stradling]

Hi Ryan.  That page is still dated February 2020, and despite filling in that form in June 2023 we have not been contacted by the Gmail Team.

Are you able to share any updates or even ETAs from your side?  Is the Gmail Team still planning to "action CA inclusion requests"?

Thanks in advance for any help you can provide.

---

From: 'Ryan Dickson' via CCADB Public <pub...@ccadb.org>
Sent: 22 June 2023 20:28
To: Francisco Marques <franciscom...@gmail.com>
Cc: CCADB Public <pub...@ccadb.org>

Subject: Re: Google's S/Mime trusted list Inclusion

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CADEW5O9D8sY-JrPobsjbYRSyGo2CRUaZgvQY3Ky8gBe1_iPAMA%40mail.gmail.com.

[Andy Warner]

The Gmail team is currently working on an update. We've passed along suggestions about improving comms back to submitters and providing public info about their update cadence.

To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/MW4PR17MB472942BCF46742C68736BD95AA072%40MW4PR17MB4729.namprd17.prod.outlook.com.

[Erhan Nergiz]

Hi,

An update of Gmail’s S/MIME trusted roots is currently underway, and we expect the updated trust list to land in approximately 4 weeks. At that time, the list of trusted certificates disclosed to https://support.google.com/a/answer/7448393?hl=en will be updated and we will follow up with this community.
For the time being, while we continue to consider resourcing and operationalizing a dedicated root program like we see with Chrome’s, we will plan regular updates to this list following the set of S/MIME roots trusted by NSS.

 
Thanks,
Erhan, on behalf of the Gmail Security team

[Rob Stradling]

Thanks Erhan!  That's excellent news!

> At that time, the list of trusted certificates disclosed to https://support.google.com/a/answer/7448393?hl=en will be updated

Whilst you're preparing this update, please also review/update the CA Owner names on that page.  (I'm particularly keen to see "Comodo" updated to "Sectigo" :-) ).

---

From: Erhan Nergiz <ane...@google.com>
Sent: 10 April 2024 18:19
To: CCADB Public <pub...@ccadb.org>
Cc: Andy Warner <awa...@google.com>; Ryan Dickson <ryand...@google.com>; CCADB Public <pub...@ccadb.org>; Rob Stradling <r...@sectigo.com>; Nicolas Lidzborski␄ <nl...@google.com>