Thanks to all of you who have reviewed and commented on this request from DocuSign to include the following root certificates, turn on the Websites and Email trust bits for all of them, and enable EV treatment for all of them. + Certplus Root CA G1 - (SHA512, RSA4096) + Certplus Root CA G2 - (SHA384, ECC) + OpenTrust Root CA G1 - (SHA256, RSA4096) + OpenTrust Root CA G2 - (SHA512, RSA4096) + OpenTrust Root CA G3 - (SHA384, ECC)
I believe that all of the questions and concerns that were raised in this discussion have been resolved, or will be resolved in the next version of their CPS. I did not see any show-stoppers, so I propose that we move forward with approving and including the root certificates listed above, and in parallel I will track the CA's action item to update their CPS. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
