All,
This email commences a six-week public discussion of D-Trust’s request to include the following CA certificates as publicly trusted root certificates in one or more CCADB Root Store Member’s program. This discussion period is scheduled to close on December 15, 2023.
The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store.
Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of the applicant must promptly respond directly in the discussion thread to all questions that are posted.
CCADB Case Numbers: # 1000 and # 1001
Organization Background Information (listed in CCADB):
CA Owner Name: D-Trust GmbH
Website: https://www.d-trust.net/en
Address: Kommandantenstr. 15, Berlin, 10969, Germany
Problem Reporting Mechanisms:
Organization Type: D-Trust GmbH is a subsidiary of the Bundesdruckerei Group GmbH (bdr) and is fully owned by the German State.
Repository URL: https://www.bundesdruckerei.de/en/Repository
Certificates Requested for Inclusion:
D-Trust SBR Root CA 1 2022:
384-bit ECC
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Document Signing MS 1.3.6.1.4.1.311.10.3.12
D-Trust SBR Root CA 2 2022:
4096-bit RSA
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Document Signing MS 1.3.6.1.4.1.311.10.3.12
Relevant Policy and Practices Documentation:
Certificate Policy - CP of D-Trust GmbH, v.5.1, valid from 28-Sept-2023
Trust Services Practice Statement - TSPS of D-Trust, v.1.8, valid from 28-Sept-2023
Certification Practice Statement - CPS of the D-Trust Root PKI, v.3.10, valid from 31-May-2023
Most Recent Self-Assessment / CPS Review:
D-Trust - CCADB Self Assessment (v1.2) 2023 (XLS) (2-November-2023)
Audit Statements:
Auditor: TÜV Informationstechnik GmbH
Audit Criteria:
ETSI EN 319 411-1, V1.3.1 (2021-05)
ETSI EN 319 401, V2.3.1 (2021-05)
Baseline Requirements, version 1.8.4
ETSI EN 319 403 V2.2.2 (2015-08)
ETSI TS 119 403-2 V1.2.4 (2020-11)
Date of Audit Issuance: December 16, 2022
For Period of Time: 2022-07-06 to 2022-10-07
Audit Statement(s):
Thank you,
Ben, on behalf of the CCADB Steering Committee
All,
Regarding the D-Trust Certification Practice Statement—instead of referencing the D-Trust Root PKI CPS, it should have referenced the CPS of the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 (https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19 July 2023, the CSM PKI CPS applies to certificates with policy levels QEVCP-w, QNCP-w, EVCP, OVCP and LCP).
Also, it didn’t mention the following Bugzilla bugs opened in the past 24 months:
RESOLVED |
[dv-misissuance] |
||
RESOLVED |
[crl-failure] |
||
OPEN |
[dv-misissuance] |
||
OPEN |
[leaf-revocation-delay] |
Ben
All,
On November 3, 2023, we began a six-week, public discussion[1] on the following root CA certificates issued by D-Trust:
D-Trust SBR Root CA 1 2022:
384-bit ECC
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Document Signing MS 1.3.6.1.4.1.311.10.3.12
D-Trust SBR Root CA 2 2022:
4096-bit RSA
Certificate download links: (CA Repository, crt.sh)
Use cases served/EKUs:
Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4
Client Authentication 1.3.6.1.5.5.7.3.2
Document Signing AATL 1.2.840.113583.1.1.5
Document Signing MS 1.3.6.1.4.1.311.10.3.12
The public discussion period ended last Friday, December 15, 2023.
We did not receive any objections or other questions or comments in opposition to D-Trust’s request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (e.g. MDSP).
Thanks,
Ben Wilson
On behalf of the CCADB Steering Committee
[1] https://groups.google.com/a/ccadb.org/g/public/c/EPVczE_6oCc/m/s90nO9-EBAAJ