Based on the record in Bugzilla Case 1551703 and the CCADB Case 417 ( https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417) , and receiving no further comments, I have recommended approval of this request to EV-enable the Identrust Commercial Root CA 1. See https://bugzilla.mozilla.org/show_bug.cgi?id=1551703#c13 <https://bugzilla.mozilla.org/show_bug.cgi?id=1551703#c13>
On Fri, Jul 31, 2020 at 10:28 AM Ben Wilson <bwil...@mozilla.com> wrote: > Today is the close of the comment period for the Identrust EV enablement > request. I don't believe we have received any comments, and I intend to > recommend that this request be approved unless there are any reasons why > the request should be denied. > Thanks, > Ben > > On Fri, Jul 10, 2020 at 4:05 PM Ben Wilson <bwil...@mozilla.com> wrote: > >> This is a request to EV-enable the IdenTrust Commercial Root CA 1, as >> documented here: >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1551703 >> >> * Summary of Information Gathered and Verified: >> >> >> https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000417 >> >> * SHA2 hash for Root CA Certificate: >> 5D56499BE4D2E08BCFCAD08A3E38723D50503BDE706948E42F55603019E528AE >> >> * Root Certificate Download URL: >> >> http://validation.identrust.com/roots/commercialrootca1.p7c >> >> * Identrust’s BR Self Assessment is located here: >> >> https://bugzilla.mozilla.org/attachment.cgi?id=9153636 (Excel >> Spreadsheet Download) >> >> * CPS: >> >> >> https://www.identrust.com/sites/default/files/resources/identrust_trustid_cps_v4.7.3_06.15.2020.pdf >> >> * Test Website: >> >> https://ev-valid.identrustssl.com/ >> >> * EV Policy OIDs: >> >> 2.16.840.1.113839.0.6.9, 2.23.140.1.1 >> >> * CRL URL: >> >> http://validation.identrust.com/crl/commercialrootca1.crl >> >> * OCSP URL: >> >> http://commercial.ocsp.identrust.com >> >> * Audit: >> >> A period of time WebTrust EV annual audit report was provided on August >> 16, 2019, by Schellman & Company, LLC, a licensed WebTrust auditor. That >> and other WebTrust audit reports are available from the bottom of the >> following applicant page: >> https://www.identrust.com/support/documents/trustid. >> >> >> I’ve reviewed the CPS, BR Self Assessment, and related information for >> this inclusion request. Comments and concerns regarding the CPS were >> satisfactorily addressed as noted in >> https://bugzilla.mozilla.org/show_bug.cgi?id=1551703. I now recommend >> that the IdenTrust Commercial Root CA 1 be enabled for Extended Validation >> treatment. >> >> >> This begins the 3-week comment period for this request. >> >> >> I will greatly appreciate your thoughtful and constructive feedback on >> Identrust’s request. >> >> Sincerely yours, >> >> Ben Wilson >> >> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
