Public Discussion for Inclusion of e-commerce monitoring's GLOBALTRUST 2020 Root

318 views
Skip to first unread message

Ben Wilson

unread,
Feb 4, 2021, 6:39:58 PM2/4/21
to mozilla-dev-security-policy
This is to announce the beginning of the public discussion phase (
https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps 4
through 9)) of the Mozilla root CA inclusion process for e-commerce
monitoring GmbH’s GLOBALTRUST 2020 Root CA.

e-commerce monitoring operates as "GlobalTrust", which was previously
operated by Austrian Society for Data Protection - Arge Daten. According to
the Applicant, Arge-Daten was the owner of the older "GlobalTrust" roots,
which are not part of this application. This application has been tracked
in the CCADB and in Bugzilla -
https://bugzilla.mozilla.org/show_bug.cgi?id=1627552.

e-commerce monitoring’s GLOBALTRUST 2020 Root is proposed for inclusion
with the websites trust bit (with EV) and the email trust bit.

Mozilla is considering approving e-commerce monitoring’s request. This
email begins the 3-week comment period, after which, if no concerns are
raised, we will close the discussion and the request may proceed to the
approval phase (Step 10).

*A Summary of Information Gathered and Verified appears here in this CCADB
case:*

https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000568

*Root Certificate Information:*

GLOBALTRUST 2020 Root

crt.sh -
https://crt.sh/?q=9A296A5182D1D451A2E37F439B74DAAFA267523329F90F9A0D2007C334E23C9A


Download - http://service.globaltrust.eu/static/globaltrust-2020.crt


*CP/CPS:*

Current CP is Version 2.0h / 15th January 2021

http://service.globaltrust.eu/static/globaltrust-certificate-policy.pdf

Current CPS is Version 2.0h / 15th January 2021

http://service.globaltrust.eu/static/globaltrust-certificate-practice-statement.pdf

Repository location: https://globaltrust.eu/certificate-policy/

*BR Self-Assessment* (PDF) is located here:

https://bugzilla.mozilla.org/attachment.cgi?id=9138392


*Audits:*

2020 audits are attached to Bug # 1627552
<https://bugzilla.mozilla.org/show_bug.cgi?id=1627552> and include the Key
Generation Report, the EV Readiness Audit, and the ETSI Audit Attestation,
which covered the period from 06/11/2019 until 04/01/2020. The next audit
is due 04/01/2021.

No misissuances were found under this root, and all subordinate
certificates passed technical tests satisfactorily.

Again, this email begins a three-week public discussion period, which I’m
scheduling to close on or about 26-February-2021.

Sincerely yours,

Ben Wilson

Mozilla Root Program

Ben Wilson

unread,
Feb 22, 2021, 3:51:40 PM2/22/21
to mozilla-dev-security-policy
Just a reminder that discussion is ongoing and scheduled to close this
Friday, 26-Feb-2021.

Ben Wilson

unread,
Feb 27, 2021, 3:08:26 PM2/27/21
to mozilla-dev-security-policy
On February 4, 2021, the public discussion period [Step 4 of the Mozilla
Root Store CA Application Process
<https://wiki.mozilla.org/CA/Application_Process>] began on e-commerce
monitoring’s inclusion request.

No questions or concerns have been raised and there are no open action
items for e-commerce monitoring to complete under Steps 5-8 of the
application process.

This is notice that I am closing the public discussion period [Step 9] and
that it is Mozilla’s intent to approve e-commerce monitoring’s request for
inclusion [Step 10].

This begins a 7-day “last call” period for any final objections.

Thanks,

Ben
Reply all
Reply to author
Forward
0 new messages