D-Trust GmbH, a member of the Bundesdruckerei Group and wholly owned subsidiary of Bundesdruckerei GmbH (“D-Trust”)
This is to announce the beginning of the public discussion
phase of the Mozilla root CA inclusion process (https://wiki.mozilla.org/CA/Application_Process#Process_Overview
- Steps 4 through 9) for D-Trust’s inclusion requests for the following two (2) root CA
certificates:
D-TRUST BR Root CA 1 2020
Download - https://www.d-trust.net/cgi-bin/D-TRUST_BR_Root_CA_1_2020.crt
Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679256
CCADB - https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000688
crt.sh - https://crt.sh/?id=3699642382
D-TRUST EV Root CA 1 2020
Download - https://www.d-trust.net/cgi-bin/D-TRUST_EV_Root_CA_1_2020.crt
Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1679258
CCADB - https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000689
crt.sh - https://crt.sh/?id=3699645135
Mozilla is considering approving D-Trust’s request(s) to add these roots as trust anchors with the websites trust bit enabled (and with EV for the D-TRUST EV Root CA 1 2020).
This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10).
Repository: The D-Trust repository is located here: https://www.bundesdruckerei.de/en/Repository
Relevant Policy and Practices Documentation:
Trust Service Practice Statement (TSPS), Version 1.3 (2021-10-15): https://www.d-trust.net/internet/files/D-TRUST_TSPS.pdf
CPS of the Certificate Service Manager (CSM CPS), Version 3.5 (2021-12-17): https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf
Root CPS, Version 3.5 (2021-10-15): https://www.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf
Self-Assessments and Mozilla CPS Reviews are located as attachments in Bug #1679258:
D-TRUST_BR_Self_Assessment_D-TRUST_EV_Root_CA_1_2020_final.xlsx
Mozilla Review of D-TRUST Compliance Self-Assessment (xls)
D-TRUST_BR_Self_Assessment_D-TRUST_Mozilla_Review-D-TRUST-Response_Final.xlsx
Audits: Annual audits are performed by TÜV Informationstechnik GmbH. The most recent audits were completed for the period ending October 7, 2021:
in accordance with:
ETSI EN 319 411-1, V1.2.2 (2018-04)
ETSI EN 319 401, V2.2.1 (2018-04)
ETSI EN 319 403 V2.2.2 (2015-08)
ETSI TS 119 403-2 V1.2.4 (2020-11)
for:
EV SSL Certificate Guidelines, version 1.7.7
Baseline Requirements, version 1.7.9
Incidents
D-Trust has no open incidents in Bugzilla. The last incident (Bug #1691117: Certificate with RSA key where modulus is not divisible by 8) was closed on March 11, 2021.
I have no further questions or concerns about these inclusion requests, however I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of D-Trust must promptly respond directly in the discussion thread to all questions that are posted.
Again, this email begins a three-week public discussion period, which I’m scheduling to close on or about January 28, 2022.
Sincerely yours,
Ben Wilson
Mozilla Root Program Manager
On January 6, 2022, we began a three-week public discussion[1] of D-Trust's requests for inclusion of its two root certificates, the D-TRUST BR Root CA 1 2020 and the D-TRUST EV Root CA 1 2020. (Step 4 of the Mozilla Root Store CA Application Process[2]).
Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:
We did not receive any objections or other questions or comments in opposition to D-Trust’s requests. I do not believe that there are any action items for D-Trust to complete.
Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]:
This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve D-Trust’s requests (Step 10).
This begins a 7-day “last call” period for any final objections.
Thanks,
Ben
[1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/0Ljc_EkPsiQ/m/9XLIROdXBAAJ
[2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview