All, Regarding the D-Trust Certification Practice Statement—instead of referencing the D-Trust Root PKI CPS, it should have referenced the CPS of the D-Trust CSM PKI, v.4.0, valid from 28-September-2023 ( https://www.d-trust.net/internet/files/D-TRUST_CSM_PKI_CPS.pdf) (from 19 July 2023, the CSM PKI CPS applies to certificates with policy levels QEVCP-w, QNCP-w, EVCP, OVCP and LCP).
Also, it didn’t mention the following Bugzilla bugs opened in the past 24 months: 1756122 <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> D-TRUST: Wrong key usage (Key Agreement) <https://bugzilla.mozilla.org/show_bug.cgi?id=1756122> RESOLVED [dv-misissuance] 1793440 <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> D-TRUST: CRL not DER-encoded <https://bugzilla.mozilla.org/show_bug.cgi?id=1793440> RESOLVED [crl-failure] 1861069 <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> D-Trust: Issuance of 15 DV certificates containing ‘serialNumber’ field within subject <https://bugzilla.mozilla.org/show_bug.cgi?id=1861069> OPEN [dv-misissuance] 1862082 <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> D-Trust: Delay beyond 5 days in revoking misissued certificate <https://bugzilla.mozilla.org/show_bug.cgi?id=1862082> OPEN [leaf-revocation-delay] Ben On Fri, Nov 3, 2023 at 9:39 AM Ben Wilson <bwil...@mozilla.com> wrote: > All, > > This email commences a six-week public discussion of D-Trust’s request to > include the following CA certificates as publicly trusted root certificates > in one or more CCADB Root Store Member’s program. This discussion period is > scheduled to close on December 15, 2023. > > The purpose of this public discussion process is to promote openness and > transparency. However, each Root Store makes its inclusion decisions > independently, on its own timelines, and based on its own inclusion > criteria. Successful completion of this public discussion process does not > guarantee any favorable action by any root store. > > Anyone with concerns or questions is urged to raise them on this CCADB > Public list by replying directly in this discussion thread. Likewise, a > representative of the applicant must promptly respond directly in the > discussion thread to all questions that are posted. > > CCADB Case Numbers: # 1000 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001000> > and # 1001 > <https://ccadb.my.salesforce-sites.com/mozilla/PrintViewForCase?CaseNumber=00001001> > > Organization Background Information (listed in CCADB): > > - > > CA Owner Name: D-Trust GmbH > - > > Website: https://www.d-trust.net/en > - > > Address: Kommandantenstr. 15, Berlin, 10969, Germany > - > > Problem Reporting Mechanisms: > - > > https://www.d-trust.net/en/support/reporting-certificate-problem > - > > Organization Type: D-Trust GmbH is a subsidiary of the Bundesdruckerei > Group GmbH (bdr) and is fully owned by the German State. > - > > Repository URL: https://www.bundesdruckerei.de/en/Repository > > Certificates Requested for Inclusion: > > 1. > > D-Trust SBR Root CA 1 2022: > - > > 384-bit ECC > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_1_2022.crt>, > crt.sh > > <https://crt.sh/?sha256=D92C171F5CF890BA428019292927FE22F3207FD2B54449CB6F675AF4922146E2> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > > > 1. > > D-Trust SBR Root CA 2 2022: > - > > 4096-bit RSA > - > > Certificate download links: (CA Repository > <http://www.d-trust.net/cgi-bin/D-Trust_SBR_Root_CA_2_2022.crt>, > crt.sh > > <https://crt.sh/?sha256=DBA84DD7EF622D485463A90137EA4D574DF8550928F6AFA03B4D8B1141E636CC> > ) > - > > Use cases served/EKUs: > - > > Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4 > - > > Client Authentication 1.3.6.1.5.5.7.3.2 > - > > Document Signing AATL 1.2.840.113583.1.1.5 > - > > Document Signing MS 1.3.6.1.4.1.311.10.3.12 > > Relevant Policy and Practices Documentation: > > - > > Certificate Policy - CP of D-Trust GmbH > <https://www.d-trust.net/internet/files/D-TRUST_CP.pdf>, v.5.1, valid > from 28-Sept-2023 > - > > Trust Services Practice Statement - TSPS of D-Trust > <https://www1.d-trust.net/internet/files/D-TRUST_TSPS.pdf>, v.1.8, > valid from 28-Sept-2023 > - > > Certification Practice Statement - CPS of the D-Trust Root PKI > <https://www1.d-trust.net/internet/files/D-TRUST_Root_PKI_CPS.pdf>, > v.3.10, valid from 31-May-2023 > > Most Recent Self-Assessment / CPS Review: > > - > > D-Trust - CCADB Self Assessment (v1.2) 2023 > <https://bugzilla.mozilla.org/attachment.cgi?id=9361619> (XLS) > (2-November-2023) > > Audit Statements: > > - > > Auditor: TÜV Informationstechnik GmbH > - > > Audit Criteria: > - > > ETSI EN 319 411-1, V1.3.1 (2021-05) > - > > ETSI EN 319 401, V2.3.1 (2021-05) > - > > Baseline Requirements, version 1.8.4 > - > > ETSI EN 319 403 V2.2.2 (2015-08) > - > > ETSI TS 119 403-2 V1.2.4 (2020-11) > - > > Date of Audit Issuance: December 16, 2022 > - > > For Period of Time: 2022-07-06 to 2022-10-07 > - > > Audit Statement(s): > - > > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121606_D-Trust_SBR_Root_CA_1_2022.pdf > - > > > > https://www.tuvit.de/fileadmin/Content/TUV_IT/zertifikate/de/AA2022121607_D-Trust_SBR_Root_CA_2_2022.pdf > > > Thank you, > > Ben, on behalf of the CCADB Steering Committee > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to public+unsubscr...@ccadb.org. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CA%2B1gtaYeT4hP8Yj1gNwbG68pA1CcjjZVaFy%3D5ds0aqi3JrU2Yg%40mail.gmail.com.
