Public Discussion of D-Trust CA Inclusion Request

1,164 views
Skip to first unread message

Ben Wilson

unread,
Nov 3, 2023, 11:39:33 AM11/3/23
to public

All,


This email commences a six-week public discussion of D-Trust’s request to include the following CA certificates as publicly trusted root certificates in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on December 15, 2023.


The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store.  


Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted.

CCADB Case Numbers:   # 1000 and # 1001

Organization Background Information (listed in CCADB):

Certificates Requested for Inclusion:

  1. D-Trust SBR Root CA 1 2022:

    • 384-bit ECC

    • Certificate download links: (CA Repository, crt.sh)

    • Use cases served/EKUs: 

      • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

      • Client Authentication 1.3.6.1.5.5.7.3.2

      • Document Signing AATL 1.2.840.113583.1.1.5

      • Document Signing MS 1.3.6.1.4.1.311.10.3.12


  1. D-Trust SBR Root CA 2 2022:

    • 4096-bit RSA

    • Certificate download links: (CA Repository, crt.sh)

    • Use cases served/EKUs: 

      • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

      • Client Authentication 1.3.6.1.5.5.7.3.2

      • Document Signing AATL 1.2.840.113583.1.1.5

      • Document Signing MS 1.3.6.1.4.1.311.10.3.12

Relevant Policy and Practices Documentation: 

Most Recent Self-Assessment / CPS Review:

Audit Statements:


Thank you,


Ben, on behalf of the CCADB Steering Committee

Ben Wilson

unread,
Nov 6, 2023, 12:02:47 PM11/6/23
to public

All,

Regarding the D-Trust Certification Practice Statement—instead of referencing the D-Trust Root PKI CPS, it should have referenced the CPS of the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 (https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19 July 2023, the CSM PKI CPS applies to certificates with policy levels QEVCP-w, QNCP-w, EVCP, OVCP and LCP).

Also, it didn’t mention the following Bugzilla bugs opened in the past 24 months:

1756122

RESOLVED

[dv-misissuance]

1793440

RESOLVED

[crl-failure]

1861069

OPEN

[dv-misissuance]

1862082

OPEN

[leaf-revocation-delay]

 

Ben

Ben Wilson

unread,
Dec 8, 2023, 12:52:56 PM12/8/23
to public
Greetings,

This is a reminder that the public discussion period on the inclusion application of D-Trust will close next Friday, December 15, 2023.

Thank you,
Ben Wilson, on behalf of the CCADB Steering Committee

Ben Wilson

unread,
Dec 19, 2023, 1:11:19 PM12/19/23
to public

All,

On November 3, 2023, we began a six-week, public discussion[1] on the following root CA certificates issued by D-Trust:

  1. D-Trust SBR Root CA 1 2022:

    • 384-bit ECC

    • Certificate download links: (CA Repository, crt.sh)

    • Use cases served/EKUs: 

      • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

      • Client Authentication 1.3.6.1.5.5.7.3.2

      • Document Signing AATL 1.2.840.113583.1.1.5

      • Document Signing MS 1.3.6.1.4.1.311.10.3.12


  1. D-Trust SBR Root CA 2 2022:

    • 4096-bit RSA

    • Certificate download links: (CA Repository, crt.sh)

    • Use cases served/EKUs: 

      • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

      • Client Authentication 1.3.6.1.5.5.7.3.2

      • Document Signing AATL 1.2.840.113583.1.1.5

      • Document Signing MS 1.3.6.1.4.1.311.10.3.12

The public discussion period ended last Friday, December 15, 2023.

We did not receive any objections or other questions or comments in opposition to D-Trust’s request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (e.g. MDSP).

Thanks,

Ben Wilson

On behalf of the CCADB Steering Committee

[1] https://groups.google.com/a/ccadb.org/g/public/c/EPVczE_6oCc/m/s90nO9-EBAAJ
Reply all
Reply to author
Forward
0 new messages