Public Discussion of ISRG/Let's Encrypt's Inclusion Request


Ben Wilson
Sep 20, 2021, 1:13:48 PM
to dev-secur...@mozilla.org

A root inclusion request has been submitted by Internet Security Research Group (Let’s Encrypt). This is to announce the beginning of the public discussion phase of the Mozilla root CA inclusion process (see https://wiki.mozilla.org/CA/Application_Process#Process_Overview, Steps 4 through 9) to add the ISRG Root X2 (EC secp384r1) to the root store in order for Let's Encrypt to be able to provide a full chain with ECDSA support.

The application has been tracked in the CCADB and in Bugzilla as follows:  

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000749

https://bugzilla.mozilla.org/show_bug.cgi?id=1701317

Mozilla is considering approving ISRG’s inclusion request. This email begins a 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10).


Root Certificate Information:

ISRG Root X2

https://crt.sh/?q=69729B8E15A86EFC177A57AFB7171DFC64ADD28C2FCA8CF1507E34453CCB1470

Download - https://letsencrypt.org/certs/isrg-root-x2.pem

CP/CPS:   

The current CP and CPS were published August 20, 2021 –

CP - https://letsencrypt.org/documents/isrg-cp-v3.1/

CPS - https://letsencrypt.org/documents/isrg-cps-v4.1/

Most Recent CP/CPS review - https://bugzilla.mozilla.org/show_bug.cgi?id=1701317#c8

Repository location:   https://letsencrypt.org/repository/

 

Audits: 

ISRG’s WebTrust auditor is Schellman & Company, LLC.  ISRG’s last audit report was dated October 2, 2020. 

The 2020 WebTrust audits (PDF) may be downloaded here:

Standard - https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=247931

BR - https://www.cpacanada.ca/generichandlers/CPACHandler.ashx?attachmentid=247932


ISRG incidents since January 1, 2020, include the following (Bugzilla bug - summary - status):

1619047 - CAA Rechecking bug - Fixed
1619179 - Incomplete revocation for CAA rechecking bug - Fixed
1625322 - Failure to revoke key-compromised certificates within 24 hours - Fixed
1627614 - Failure to revoke key-compromised certificates within 24 hours - Fixed
1639794 - Failure to revoke key-compromised certificate within 24 hours - Fixed
1645276 - Expired ISRG Root OCSP X1 Certificate - Fixed
1648840 - OCSP responses with no revocationReason - Fixed
1666047 - 302 total OCSP responses available beyond acceptable timelines - Fixed
1684112 - Failure to audit log subscriber certificate OCSP updates - Fixed
1715455 - Certificate lifetimes 90 days plus one second - Open
1715672 - Failure to revoke for Certificate Lifetime Incident - Open
1729567 - Delay updating OCSP responses - Open

Thus, this email begins a three-week public discussion period, which I’m scheduling to close on or about 11-October-2021.

A representative of ISRG/Let’s Encrypt must promptly respond directly in the discussion thread to all questions that are posted.

 

Sincerely yours,

Ben Wilson

Mozilla Root Program

Ben Wilson
Oct 15, 2021, 5:56:11 PM
to dev-secur...@mozilla.org

On September 20, 2021, we began a three-week public discussion[1] on a request from ISRG/Let’s Encrypt for inclusion of its ECDSA root certificate, the ISRG Root X2.[2] (Step 4 of the Mozilla Root Store CA Application Process[3]). 

Summary of Discussion and Completion of Action Items [Application Process, Steps 5-8]:  

Today I closed bug #1729567 (Delay updating OCSP responses) because ISRG has, among other improvements, updated its internal monitoring and alerting to ensure maintenance of timely OCSP responses. (ISRG had served OCSP responses which had not been updated in the previous 4 days, in violation of the Baseline Requirements, Section 4.9.10.)

ISRG currently has the following remaining bugs open:

1715455
1715672
1735247

We did not receive any objections or other questions or comments in opposition to ISRG’s request. I do not believe that the issues listed above merit a delay in Mozilla’s approval decision, and any further discussion of these issues can take place in their respective Bugzilla bugs.

Close of Public Discussion and Intent to Approve [Application Process, Steps 9-10]: 

This is notice that I am closing public discussion (Application Process, Step 9) and that it is Mozilla’s intent to approve ISRG’s/Let’s Encrypt’s request (Step 10). 

This begins a 7-day “last call” period for any final objections.

Thanks,

Ben

[1] https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/D8coPL0eU3k/m/bE_aRuWxCAAJ

[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1701317

[3] https://wiki.mozilla.org/CA/Application_Process#Process_Overview
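The incident categories in this thread (certificate lifetimes one second over the limit, key-compromised certificates not revoked within 24 hours, OCSP responses not refreshed within the four days required by BR 4.9.10, and revoked OCSP responses carrying no revocationReason) are all conditions a CA's own monitoring can detect before an auditor or this list does. What follows is an added example written for this page; it is not ISRG/Let's Encrypt (Boulder) code and not Mozilla root-program tooling. It runs the checks over constructed in-memory records rather than real certificates or OCSP responses, and it assumes the Baseline Requirements / RFC 5280 definition of Validity Period (notBefore through notAfter, inclusive), Let's Encrypt's own 90-day lifetime as the configured maximum, and the four-day OCSP interval and 24-hour revocation window exactly as the thread cites them.

```python
"""Checks for the incident categories listed in this thread.

Added example for this page, not ISRG/Let's Encrypt (Boulder) code and not
Mozilla root-program tooling. It runs over constructed records and assumes:
the BR / RFC 5280 Validity Period (notBefore through notAfter, inclusive),
a 90-day lifetime as the configured maximum, the BR 4.9.10 four-day OCSP
update interval and the 24-hour key-compromise revocation window.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

MAX_LIFETIME = timedelta(days=90)            # assumed policy maximum
OCSP_MAX_AGE = timedelta(days=4)             # BR 4.9.10 update interval
KEY_COMPROMISE_WINDOW = timedelta(hours=24)  # revocation deadline after report
ONE_SECOND = timedelta(seconds=1)
Finding = Tuple[str, str, str]               # (serial, code, detail)

@dataclass
class Cert:
    serial: str
    not_before: datetime
    not_after: datetime
    compromise_reported_at: Optional[datetime] = None
    revoked_at: Optional[datetime] = None

@dataclass
class OcspResponse:
    serial: str
    this_update: datetime
    status: str                              # "good" or "revoked"
    revocation_reason: Optional[str] = None  # CRLReason name, if revoked

def inclusive_lifetime(cert: Cert) -> timedelta:
    """notBefore and notAfter are both inside the Validity Period, so the
    plain difference of the two timestamps is one second short."""
    return cert.not_after - cert.not_before + ONE_SECOND

def check_lifetime(cert: Cert) -> Optional[Finding]:
    life = inclusive_lifetime(cert)
    if life > MAX_LIFETIME:
        return (cert.serial, "LIFETIME_EXCEEDED", f"{life} > {MAX_LIFETIME}")
    return None

def check_key_compromise(cert: Cert, now: datetime) -> Optional[Finding]:
    """A certificate whose key was reported compromised must be revoked within
    24 hours of the report; flag both late and still-missing revocations."""
    if cert.compromise_reported_at is None:
        return None
    deadline = cert.compromise_reported_at + KEY_COMPROMISE_WINDOW
    if cert.revoked_at is None:
        if now > deadline:
            return (cert.serial, "REVOCATION_OVERDUE", "reported, not yet revoked")
        return None
    if cert.revoked_at > deadline:
        delay = cert.revoked_at - cert.compromise_reported_at
        return (cert.serial, "REVOCATION_LATE", f"revoked {delay} after report")
    return None

def check_ocsp(resp: OcspResponse, now: datetime) -> List[Finding]:
    """Flag responses older than the four-day update interval and revoked
    responses that carry no revocationReason."""
    findings: List[Finding] = []
    age = now - resp.this_update
    if age > OCSP_MAX_AGE:
        findings.append((resp.serial, "OCSP_STALE", f"thisUpdate {age} old"))
    if resp.status == "revoked" and not resp.revocation_reason:
        findings.append((resp.serial, "OCSP_NO_REASON", "no revocationReason"))
    return findings

def run_checks(certs: List[Cert], responses: List[OcspResponse],
               now: datetime) -> List[Finding]:
    findings: List[Finding] = []
    for cert in certs:
        findings += [f for f in (check_lifetime(cert), check_key_compromise(cert, now)) if f]
    for resp in responses:
        findings += check_ocsp(resp, now)
    return findings

# Constructed sample data, not real certificates or OCSP responses.
NOW = datetime(2021, 9, 20, 12, 0, tzinfo=timezone.utc)
T0 = datetime(2021, 9, 1, 0, 0, tzinfo=timezone.utc)
CERTS = [
    Cert("01", T0, T0 + timedelta(days=90)),               # 90 d + 1 s inclusive
    Cert("02", T0, T0 + timedelta(days=90) - ONE_SECOND),  # exactly 90 d
    Cert("03", T0, T0 + timedelta(days=89),                # revoked 30 h after report
         compromise_reported_at=NOW - timedelta(hours=60),
         revoked_at=NOW - timedelta(hours=30)),
    Cert("04", T0, T0 + timedelta(days=89),                # reported 36 h ago, unrevoked
         compromise_reported_at=NOW - timedelta(hours=36)),
]
RESPONSES = [
    OcspResponse("01", NOW - timedelta(days=5), "good"),                  # stale
    OcspResponse("02", NOW - timedelta(days=1), "revoked"),               # no reason
    OcspResponse("03", NOW - timedelta(days=1), "revoked", "keyCompromise"),
]

if __name__ == "__main__":
    for serial, code, detail in run_checks(CERTS, RESPONSES, NOW):
        print(f"{serial}\t{code}\t{detail}")
```

Run directly it reports five findings on the constructed data. The one worth dwelling on is the first record: a certificate whose notAfter is exactly notBefore plus 90 days has, under the inclusive definition of Validity Period, a lifetime of 90 days plus one second, which is the figure in the title of bug 1715455 above; the second record shows the encoding that yields exactly 90 days.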
