Google's S/Mime trusted list Inclusion

1,788 views
Skip to first unread message

Francisco Marques

unread,
Jun 2, 2023, 1:32:50 PM6/2/23
to CCADB Public

Hello All,

My name is Francisco Marques and I'm speaking on behalf of DigitalSign.

DigitalSign is a European eIDAS QTSP, which currently already has 2 root CAs included in Mozilla trusted list.

The reason I'm opening this chat is due to the fact that DigitalSign s trying to apply for the inclusion of its issuing CAs into the trusted store for Gmail S/MIME (the end user certificates are S/MIME certificates used for digital signature and email signature).

Additional info: https://support.google.com/a/answer/7448393

Unfortunately, we are unable to proceed due to contact absence and lack of reply on the general contacts.

Since there's no specific channel for this subject, we will be grateful for any help/information anyone can give/share with us.

Thank you very much!

Best regards,

Francisco Marques, speaking on behalf of DigitalSign.


Ryan Dickson

unread,
Jun 2, 2023, 1:47:26 PM6/2/23
to Francisco Marques, CCADB Public
Hi Francisco,

We've engaged with our colleagues who manage the set of CA certificates trusted by Gmail for S/MIME on your behalf. 

Someone should reach out to you shortly.

Thanks,
Ryan

--
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/ee34eaf3-1184-496b-9583-ad059f4554dfn%40ccadb.org.

Antti Backman

unread,
Jun 5, 2023, 3:38:12 AM6/5/23
to CCADB Public, Ryan Dickson, CCADB Public, Francisco Marques
Hi,

We're experiencing similar challengies, so would it be possible to have the same help for us also, thanks

Antti Backman, on behalf of Telia Company.

dr. Szőke Sándor

unread,
Jun 5, 2023, 4:30:27 AM6/5/23
to Antti Backman, CCADB Public, Ryan Dickson, Francisco Marques

Hi,

 

we would need the same contact information too.

 

Microsec is already included on the trusted CA list for S/MIME with one Root certificate, but we set up a new ECC based hierarchy in 2017, and we would like to finish the transition to this hierarchy.

 

We tried to contact Google in March but we had no success.

 

Sándor

Ryan Dickson

unread,
Jun 16, 2023, 9:20:41 AM6/16/23
to dr. Szőke Sándor, Antti Backman, CCADB Public, Francisco Marques
Hi all,

We're still working with our colleagues within Google to identify an appropriate POC to help with these requests.

We appreciate your continued patience and will follow up as soon as possible.

- Ryan

Francisco Marques

unread,
Jun 21, 2023, 11:27:45 AM6/21/23
to CCADB Public, Ryan Dickson, CCADB Public

Hi Ryan,
DigitalSign thanks you for the efforts on helping us on this subject.
We will wait for additional information.
Best regards,
Francisco Marques.

Ryan Dickson

unread,
Jun 22, 2023, 3:28:57 PM6/22/23
to Francisco Marques, CCADB Public

Hi all,


Following-up: The Gmail Team is planning an update to this page to help better answer the community's questions and help action CA inclusion requests.


In the interim, they created this form to allow interested parties to connect with members of the Gmail Team.


We've also directly shared the list of POCs who expressed interest in S/MIME for Gmail 1) on this thread and 2) at the recent CA/Browser Forum Face-to-Face. I encourage all interested parties to respond to the form, regardless of whether they've previously expressed interest. 


Thank you for your patience!


- Ryan



e-commerce monitoring (Trust2Go)

unread,
Sep 25, 2023, 4:34:47 AM9/25/23
to CCADB Public, Ryan Dickson, CCADB Public, Francisco Marques
Hi all,
Is there any update?
For us It's been 3 years since we contacted gmail the first time.
Best,
Daniel
GLOBALTRUST

Rob Stradling

unread,
Apr 9, 2024, 12:00:59 PMApr 9
to Ryan Dickson, CCADB Public
Hi Ryan.  That page is still dated February 2020, and despite filling in that form in June 2023 we have not been contacted by the Gmail Team.

Are you able to share any updates or even ETAs from your side?  Is the Gmail Team still planning to "action CA inclusion requests"?

Thanks in advance for any help you can provide.


From: 'Ryan Dickson' via CCADB Public <pub...@ccadb.org>
Sent: 22 June 2023 20:28
To: Francisco Marques <franciscom...@gmail.com>
Cc: CCADB Public <pub...@ccadb.org>

Subject: Re: Google's S/Mime trusted list Inclusion
 
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Andy Warner

unread,
Apr 9, 2024, 1:27:36 PMApr 9
to Rob Stradling, Ryan Dickson, CCADB Public
The Gmail team is currently working on an update. We've passed along suggestions about improving comms back to submitters and providing public info about their update cadence.

Erhan Nergiz

unread,
Apr 10, 2024, 1:22:18 PMApr 10
to CCADB Public, Andy Warner, Ryan Dickson, CCADB Public, Rob Stradling, Nicolas Lidzborski␄
Hi,

An update of Gmail’s S/MIME trusted roots is currently underway, and we expect the updated trust list to land in approximately 4 weeks. At that time, the list of trusted certificates disclosed to https://support.google.com/a/answer/7448393?hl=en will be updated and we will follow up with this community.
For the time being, while we continue to consider resourcing and operationalizing a dedicated root program like we see with Chrome’s, we will plan regular updates to this list following the set of S/MIME roots trusted by NSS.
 
Thanks,
Erhan, on behalf of the Gmail Security team

Rob Stradling

unread,
Apr 10, 2024, 2:04:09 PMApr 10
to Erhan Nergiz, CCADB Public, Andy Warner, Ryan Dickson, Nicolas Lidzborski␄
Thanks Erhan!  That's excellent news!

> At that time, the list of trusted certificates disclosed to https://support.google.com/a/answer/7448393?hl=en will be updated

Whilst you're preparing this update, please also review/update the CA Owner names on that page.  (I'm particularly keen to see "Comodo" updated to "Sectigo" :-) ).


From: Erhan Nergiz <ane...@google.com>
Sent: 10 April 2024 18:19
To: CCADB Public <pub...@ccadb.org>
Cc: Andy Warner <awa...@google.com>; Ryan Dickson <ryand...@google.com>; CCADB Public <pub...@ccadb.org>; Rob Stradling <r...@sectigo.com>; Nicolas Lidzborski␄ <nl...@google.com>
Reply all
Reply to author
Forward
0 new messages