Thanks to all of you who reviewed and commented on this request from DocuSign to include the following root certificates, turn on the Websites and Email trust bits for all of them, and enable EV treatment for all of them. + Certplus Root CA G1 - (SHA512, RSA4096) + Certplus Root CA G2 - (SHA384, ECC) + OpenTrust Root CA G1 - (SHA256, RSA4096) + OpenTrust Root CA G2 - (SHA512, RSA4096) + OpenTrust Root CA G3 - (SHA384, ECC)
I am not aware of any issues that would prevent us from moving forward with this request. Therefore, I will recommend approval in the bug. https://bugzilla.mozilla.org/show_bug.cgi?id=1025095 I will track the CA's 2 action items in the bug, in parallel with the rest of the inclusion process. 1) Update CPS to address the concerns raised in this discussion. 2) Update cert issuance process to prevent use of PrintableString, and enforce use of UTF8String instead. Any further follow-up on this request should be added directly to the bug. Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
