Fwd: Public Discussion of DigitalSign's Global Roots (email trust bit only)

183 views
Skip to first unread message

Ben Wilson

unread,
Jul 22, 2022, 12:40:35 AMJul 22
to dev-secur...@mozilla.org
Resending

---------- Forwarded message ---------
From: Ben Wilson <bwi...@mozilla.com>
Date: Thu, Jul 21, 2022 at 5:23 PM
Subject: Public Discussion of DigitalSign's Global Roots (email trust bit only)
To: dev-secur...@mozilla.org <dev-secur...@mozilla.org>


All,

This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process (https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for an inclusion request filed by DigitalSign - Certificadora Digital, S.A. (Bug # 1694421, CCADB Case # 737) for the following two (2) root CA certificates:

DIGITALSIGN GLOBAL ROOT RSA CA (email trust bit only)

https://crt.sh/?sha256=82BD5D851ACF7F6E1BA7BFCBC53030D0E7BC3C21DF772D858CAB41D199BDF595

http://root-rsa.digitalsign.pt/DIGITALSIGNGLOBALROOTRSACA.cer

DIGITALSIGN GLOBAL ROOT ECDSA CA (email trust bit only)

https://crt.sh/?sha256=261D7114AE5F8FF2D8C7209A9DE4289E6AFC9D717023D85450909199F1857CFE

http://root-ecdsa.digitalsign.pt/DIGITALSIGNGLOBALROOTECDSACA.cer

Repository: The DigitalSign document repository is located here:

http://pki.digitalsign.pt/

Certification Practices Statement:

Certification Practice Statement, v. 1.5, dated May 18, 2022

https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.5.pdf

CPS Review is located here:  https://bugzilla.mozilla.org/show_bug.cgi?id=1694421#c17

Value-vs-Risk Justification from DigitalSign - see https://bugzilla.mozilla.org/attachment.cgi?id=9286196  

Audits:  The most recent audit report currently available, dated September 22, 2021, was performed by CSQA in accordance with ETSI EN 319 411-1, V1.3.1 (2021-05) and ETSI EN 319 411-2, V2.3.1 (2021-05) for the period July 23, 2020, through July 22, 2021.  See https://www.csqa.it/getattachment/Servizi-e-Sicurezza-IT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETSI/Attestation-DigitalSign-2021-14875-rev-1-signed.pdf.aspx?lang=it-IT.

I have no further questions or concerns about DigitalSign’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of DigitalSign must promptly respond directly in the discussion thread to all questions that are posted.

This email begins the 3-week comment period, which I’m scheduling to close on or about Friday, August 12, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10).

Sincerely yours,

Ben Wilson

Mozilla Root Store Program

Ben Wilson

unread,
Jul 22, 2022, 2:11:56 PMJul 22
to dev-secur...@mozilla.org

Ben Wilson

unread,
Aug 15, 2022, 12:52:24 PMAug 15
to dev-secur...@mozilla.org

All,

On July 21, 2022, we began a three-week public discussion period[1] on the request from DigitalSign for inclusion of its two root certificates with only the email trust bit to be enabled--the DigitalSign Global Root RSA CA and the DigitalSign Global Root ECDSA CA. (Step 4 of the Mozilla Root Store CA Application Process[2]). 

Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:  

We did not receive any objections or other questions or comments in opposition to DigitalSign’s request. I do not believe that there are any action items for DigitalSign to complete.

Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: 

This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve DigitalSign’s request (Step 10). 

This begins a 7-day “last call” period for any final objections.

Thanks,

Ben


[1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ajm_a5GKHCU/m/LO961rHVAAAJ

[2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview

Reply all
Reply to author
Forward
0 new messages