All,
This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process (https://wiki.mozilla.org/CA/Application_Process#Process_Overview - Steps 4 through 9) for an inclusion request filed by DigitalSign - Certificadora Digital, S.A. (Bug # 1694421, CCADB Case # 737) for the following two (2) root CA certificates:
DIGITALSIGN GLOBAL ROOT RSA CA (email trust bit only)
https://crt.sh/?sha256=82BD5D851ACF7F6E1BA7BFCBC53030D0E7BC3C21DF772D858CAB41D199BDF595
http://root-rsa.digitalsign.pt/DIGITALSIGNGLOBALROOTRSACA.cer
DIGITALSIGN GLOBAL ROOT ECDSA CA (email trust bit only)
https://crt.sh/?sha256=261D7114AE5F8FF2D8C7209A9DE4289E6AFC9D717023D85450909199F1857CFE
http://root-ecdsa.digitalsign.pt/DIGITALSIGNGLOBALROOTECDSACA.cer
Repository: The DigitalSign document repository is located here:
Certification Practices Statement:
Certification Practice Statement, v. 1.5, dated May 18, 2022
https://pki.digitalsign.pt/ROOT%20CA%20-%20CPS_V1.5.pdf
CPS Review is located here: https://bugzilla.mozilla.org/show_bug.cgi?id=1694421#c17
Value-vs-Risk Justification from DigitalSign - see https://bugzilla.mozilla.org/attachment.cgi?id=9286196
Audits: The most recent audit report currently available, dated September 22, 2021, was performed by CSQA in accordance with ETSI EN 319 411-1, V1.3.1 (2021-05) and ETSI EN 319 411-2, V2.3.1 (2021-05) for the period July 23, 2020, through July 22, 2021. See https://www.csqa.it/getattachment/Servizi-e-Sicurezza-IT/Documenti/Attestazione-di-Audit-secondo-i-requisiti-ETSI/Attestation-DigitalSign-2021-14875-rev-1-signed.pdf.aspx?lang=it-IT.
I have no further questions or concerns about DigitalSign’s inclusion request; however, I urge anyone with concerns or questions to raise them on this list by replying directly in this discussion thread. Likewise, a representative of DigitalSign must promptly respond directly in the discussion thread to all questions that are posted.
This email begins the 3-week comment period, which I’m scheduling to close on or about Friday, August 12, 2022, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10).
Sincerely yours,
Ben Wilson
Mozilla Root Store Program
All,
On July 21, 2022, we began a three-week public discussion period[1] on the request from DigitalSign for inclusion of its two root certificates with only the email trust bit to be enabled--the DigitalSign Global Root RSA CA and the DigitalSign Global Root ECDSA CA. (Step 4 of the Mozilla Root Store CA Application Process[2]).
Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:
We did not receive any objections or other questions or comments in opposition to DigitalSign’s request. I do not believe that there are any action items for DigitalSign to complete.
Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]:
This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve DigitalSign’s request (Step 10).
This begins a 7-day “last call” period for any final objections.
Thanks,
Ben
[1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ajm_a5GKHCU/m/LO961rHVAAAJ
[2] https://wiki.mozilla.org/CA/Application_Process#Process_Overview