info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Summary of August 2016 Audit Reminder Emails
95 views
Skip to first unread message
Kathleen Wilson
Aug 16, 2016, 3:43:18 PM8/16/16
to mozilla-dev-s...@lists.mozilla.org
All,
As you know, the CA Community in Salesforce (aka Common CA Database)
automatically sends audit reminder emails to CAs in Mozilla’s root store
with overdue audit statements on the 3rd Tuesday of each month.
As requested, here is a summary of the audit-reminder emails that were
sent today.
Kathleen
—
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
Standard Audit: https://cert.webtrust.org/SealFile?seal=2032&file=pdf
Audit Statement Date: 2016-04-11
BR Audit: NONE!
BR Audit Statement Date:
EV Audit: https://cert.webtrust.org/SealFile?seal=1847&file=pdf
EV Audit Statement Date: 2015-03-11
CA Comments: we have presented the action plan to auditors (for BR and
EV audits) and we are dealing with two findings that we do not agree with:
1) Law in Spain repealed recently, but old law regulated the profile for
some specific certificates, and required private extensions in the SAN
-- conflicts BR and EV Guidelines.
2) jurisdictionOfIncorporation should be PrintableString coded, but we
code it in UTF8: we fail to understand this requirement when UTF8 is
more recent and to encode that particular field with UTF8 will not cause
any interoperability problems: coding that ISO country information in
the jurisdictionOfIncorporation field with UTF8 or PrintableString will
result in the same data, so we do not see the of using an old
codification like PrintableString instead of the more recent and mainly
recommended UTF8.
So much comes the international trend to use UTF8 that some
manufacturers, such as PrimeKey with EJBCA, is the one and only that is
allowed for "custom extensions" and do not allow PrintableString in its
Community Edition.
—
Root Certificates:
Certinomis - Root CA
Certinomis - Autorité Racine
Standard Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
Audit Statement Date: 2015-04-03
BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8652034
BR Audit Statement Date: 2015-04-03
CA Comments: On 5/18/16 9:55 AM, LEROY Franck wrote:
> Our annual audit has been done last week.
> As soon as we have the audit assessment report, I’ll send it to you.
—
Root Certificates:
OpenTrust Root CA G1
OpenTrust Root CA G2
Certplus Root CA G1
Class 2 Primary CA
OpenTrust Root CA G3
Certplus Root CA G2
Standard Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
Audit Statement Date: 2015-04-09
BR Audit: https://bug1025095.bugzilla.mozilla.org/attachment.cgi?id=8590352
BR Audit Statement Date: 2015-04-09
EV Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
EV Audit Statement Date: 2015-04-09
CA Comments: We passed our last audit in February-March 2016, and we’re
now waiting for the audit attestation to be produced.
I sent them an email last week, but the person responsible for the
production of the authoritative attestation is on holidays until end of
August. In the meantime, the list of all our audited and compliant CAs
is still at «
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe »
in the « DOCUSIGN FRANCE » section.
-
Root Certificates:
Chambers of Commerce Root
Chambers of Commerce Root - 2008
Global Chambersign Root
Global Chambersign Root - 2008
Standard Audit:
https://bug986854.bmoattachments.org/attachment.cgi?id=8775118
Audit Statement Date: 2016-06-17
Standard Audit:
https://bug986854.bmoattachments.org/attachment.cgi?id=8775118
Audit Statement Date: 2016-07-17
BR Audit: https://cert.webtrust.org/SealFile?seal=1925&file=pdf
BR Audit Statement Date: 2015-06-17
EV Audit: https://cert.webtrust.org/SealFile?seal=1926&file=pdf
EV Audit Statement Date: 2015-06-17
CA Comments: I will provide you the audit report for EV a BR in a couple
of weeks.
-
Root Certificates:
PSCProcert
Standard Audit:
https://bug593805.bmoattachments.org/attachment.cgi?id=8644056
Audit Statement Date: 2015-06-30
BR Audit: https://bug593805.bmoattachments.org/attachment.cgi?id=8644056
BR Audit Statement Date: 2015-06-30
CA Comments:
-
Root Certificates:
Atos TrustedRoot 2011
Standard Audit:
https://www.mydqs.com/kunden/kundendatenbank.html?aoemydqs%5Bcompany_no%5D=334220&aoemydqs%5Baction%5D=singleView&cHash=c086db2a2cd03a17407d1f2712ab2dd4
Audit Statement Date: 2015-07-01
BR Audit:
https://www.mydqs.com/kunden/kundendatenbank.html?aoemydqs%5Bcompany_no%5D=334220&aoemydqs%5Baction%5D=singleView&cHash=c086db2a2cd03a17407d1f2712ab2dd4
BR Audit Statement Date: 2015-07-01
CA Comments:
-
Root Certificates:
ACCVRAIZ1
Root CA Generalitat Valenciana
Standard Audit: https://cert.webtrust.org/SealFile?seal=1908&file=pdf
Audit Statement Date: 2015-07-17
BR Audit: https://cert.webtrust.org/SealFile?seal=1908&file=pdf
BR Audit Statement Date: 2015-07-17
CA Comments:
-
As you know, the CA Community in Salesforce (aka Common CA Database)
automatically sends audit reminder emails to CAs in Mozilla’s root store
with overdue audit statements on the 3rd Tuesday of each month.
As requested, here is a summary of the audit-reminder emails that were
sent today.
Kathleen
—
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
Standard Audit: https://cert.webtrust.org/SealFile?seal=2032&file=pdf
Audit Statement Date: 2016-04-11
BR Audit: NONE!
BR Audit Statement Date:
EV Audit: https://cert.webtrust.org/SealFile?seal=1847&file=pdf
EV Audit Statement Date: 2015-03-11
CA Comments: we have presented the action plan to auditors (for BR and
EV audits) and we are dealing with two findings that we do not agree with:
1) Law in Spain repealed recently, but old law regulated the profile for
some specific certificates, and required private extensions in the SAN
-- conflicts BR and EV Guidelines.
2) jurisdictionOfIncorporation should be PrintableString coded, but we
code it in UTF8: we fail to understand this requirement when UTF8 is
more recent and to encode that particular field with UTF8 will not cause
any interoperability problems: coding that ISO country information in
the jurisdictionOfIncorporation field with UTF8 or PrintableString will
result in the same data, so we do not see the of using an old
codification like PrintableString instead of the more recent and mainly
recommended UTF8.
So much comes the international trend to use UTF8 that some
manufacturers, such as PrimeKey with EJBCA, is the one and only that is
allowed for "custom extensions" and do not allow PrintableString in its
Community Edition.
—
Root Certificates:
Certinomis - Root CA
Certinomis - Autorité Racine
Standard Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
Audit Statement Date: 2015-04-03
BR Audit: https://bugzilla.mozilla.org/attachment.cgi?id=8652034
BR Audit Statement Date: 2015-04-03
CA Comments: On 5/18/16 9:55 AM, LEROY Franck wrote:
> Our annual audit has been done last week.
> As soon as we have the audit assessment report, I’ll send it to you.
—
Root Certificates:
OpenTrust Root CA G1
OpenTrust Root CA G2
Certplus Root CA G1
Class 2 Primary CA
OpenTrust Root CA G3
Certplus Root CA G2
Standard Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
Audit Statement Date: 2015-04-09
BR Audit: https://bug1025095.bugzilla.mozilla.org/attachment.cgi?id=8590352
BR Audit Statement Date: 2015-04-09
EV Audit:
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe.pdf
EV Audit Statement Date: 2015-04-09
CA Comments: We passed our last audit in February-March 2016, and we’re
now waiting for the audit attestation to be produced.
I sent them an email last week, but the person responsible for the
production of the authoritative attestation is on holidays until end of
August. In the meantime, the list of all our audited and compliant CAs
is still at «
http://www.lsti-certification.fr/images/liste_entreprise/Liste%20PSCe »
in the « DOCUSIGN FRANCE » section.
-
Root Certificates:
Chambers of Commerce Root
Chambers of Commerce Root - 2008
Global Chambersign Root
Global Chambersign Root - 2008
Standard Audit:
https://bug986854.bmoattachments.org/attachment.cgi?id=8775118
Audit Statement Date: 2016-06-17
Standard Audit:
https://bug986854.bmoattachments.org/attachment.cgi?id=8775118
Audit Statement Date: 2016-07-17
BR Audit: https://cert.webtrust.org/SealFile?seal=1925&file=pdf
BR Audit Statement Date: 2015-06-17
EV Audit: https://cert.webtrust.org/SealFile?seal=1926&file=pdf
EV Audit Statement Date: 2015-06-17
CA Comments: I will provide you the audit report for EV a BR in a couple
of weeks.
-
Root Certificates:
PSCProcert
Standard Audit:
https://bug593805.bmoattachments.org/attachment.cgi?id=8644056
Audit Statement Date: 2015-06-30
BR Audit: https://bug593805.bmoattachments.org/attachment.cgi?id=8644056
BR Audit Statement Date: 2015-06-30
CA Comments:
-
Root Certificates:
Atos TrustedRoot 2011
Standard Audit:
https://www.mydqs.com/kunden/kundendatenbank.html?aoemydqs%5Bcompany_no%5D=334220&aoemydqs%5Baction%5D=singleView&cHash=c086db2a2cd03a17407d1f2712ab2dd4
Audit Statement Date: 2015-07-01
BR Audit:
https://www.mydqs.com/kunden/kundendatenbank.html?aoemydqs%5Bcompany_no%5D=334220&aoemydqs%5Baction%5D=singleView&cHash=c086db2a2cd03a17407d1f2712ab2dd4
BR Audit Statement Date: 2015-07-01
CA Comments:
-
Root Certificates:
ACCVRAIZ1
Root CA Generalitat Valenciana
Standard Audit: https://cert.webtrust.org/SealFile?seal=1908&file=pdf
Audit Statement Date: 2015-07-17
BR Audit: https://cert.webtrust.org/SealFile?seal=1908&file=pdf
BR Audit Statement Date: 2015-07-17
CA Comments:
-
Kurt Roeckx
Aug 17, 2016, 5:18:03 AM8/17/16
to mozilla-dev-s...@lists.mozilla.org
On 2016-08-16 21:42, Kathleen Wilson wrote:
> Root Certificates:
> Autoridad de Certificacion Firmaprofesional CIF A62634068
[...]
> Root Certificates:
> Autoridad de Certificacion Firmaprofesional CIF A62634068
> 2) jurisdictionOfIncorporation should be PrintableString coded, but we
> code it in UTF8: we fail to understand this requirement when UTF8 is
> more recent and to encode that particular field with UTF8 will not cause
> any interoperability problems: coding that ISO country information in
> the jurisdictionOfIncorporation field with UTF8 or PrintableString will
> result in the same data, so we do not see the of using an old
> codification like PrintableString instead of the more recent and mainly
> recommended UTF8.
> So much comes the international trend to use UTF8 that some
> manufacturers, such as PrimeKey with EJBCA, is the one and only that is
> allowed for "custom extensions" and do not allow PrintableString in its
> Community Edition.
I don't think there is a jurisdictionOfIncorporation, but there are:
> code it in UTF8: we fail to understand this requirement when UTF8 is
> more recent and to encode that particular field with UTF8 will not cause
> any interoperability problems: coding that ISO country information in
> the jurisdictionOfIncorporation field with UTF8 or PrintableString will
> result in the same data, so we do not see the of using an old
> codification like PrintableString instead of the more recent and mainly
> recommended UTF8.
> So much comes the international trend to use UTF8 that some
> manufacturers, such as PrimeKey with EJBCA, is the one and only that is
> allowed for "custom extensions" and do not allow PrintableString in its
> Community Edition.
- jurisdictionLocalityName
- jurisdictionStateOrProvinceName
- jurisdictionCountryName
Only jurisdictionCountryName should be a PrintableString, it's the only
option that's allowed, it just contains the 2 character country code
that can always be encoded as a PrintableString. For the other UTF-8 is
fine.
If EJBCA doesn't let you use PrintableString for it, it is open source,
you can modify it yourself.
Kurt
0 new messages