This request is for inclusion of the certSIGN Root CA G2 certificate and to turn on the Websites trust bit and for EV treatment.
The request is documented in Bugzilla and in the CCADB as follows: https://bugzilla.mozilla.org/show_bug.cgi?id=1403453 https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000403 (Summary of info gathered and verified, URLs for test websites, etc.) * certSIGN’s BR Self Assessment is here: https://bugzilla.mozilla.org/attachment.cgi?id=9052673 The Certsign document repository can be found here: https://www.certsign.ro/en/certsign-documents/policies-procedures * Root Certificate Locations: http://crl.certsign.ro/certsign-rootg2.crt http://registru.certsign.ro/certcrl/certsign-rootg2.crt http://www.certsign.ro/certcrl/certsign-rootg2.crt https://crt.sh/?q=657CFE2FA73FAA38462571F332A2363A46FCE7020951710702CDFBB6EEDA3305 https://censys.io/certificates/657cfe2fa73faa38462571f332a2363a46fce7020951710702cdfbb6eeda3305/pem * EV Policy OID: 2.23.140.1.1 * CRL URL: http://crl.certsign.ro/certsign-rootg2.crl * OCSP URL: http://ocsp.certsign.ro * Audit: See https://bugzilla.mozilla.org/attachment.cgi?id=9142635 ( http://lsti-certification.fr/images/LSTI_Audit_Atttestation_Letter_1612-163_V10_Certsign_S.pdf) which shows that a recent annual audit was performed on the certSIGN Root CA G2 by LSTI Group according to ETSI EN 319 411-2, V2.2.2 (2018-04)”, “ETSI EN 319 411-1, V1.2.2 (2018-04)” and “ETSI EN 319 401, V2.2.1 (2018-04)” as well as the CA/Browser Forum’s “EV SSL Certificate Guidelines, version 1.7.1” and “Baseline Requirements, version 1.6.7” considering the requirements of the “ETSI EN 319 403, V2.2.2 (2015-08)” for the Trust Service Provider Conformity Assessment. * CP/CPS Review Ryan Sleevi conducted a preliminary review the PKI Disclosure Statement and CPS - https://bugzilla.mozilla.org/show_bug.cgi?id=1403453#c13 I followed up, and now Comment #24 in Bugzilla shows the latest responses from Certsign - https://bugzilla.mozilla.org/show_bug.cgi?id=1403453#c24 This begins the 3-week comment period for this request. I will greatly appreciate your thoughtful and constructive feedback on the acceptance of this root into the Mozilla CA program. Thanks, Ben _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy