This is to announce the beginning of the public discussion phase ( https://wiki.mozilla.org/CA/Application_Process#Process_Overview, (Steps 4 through 9)) of the Mozilla root CA inclusion process for e-commerce monitoring GmbH’s GLOBALTRUST 2020 Root CA.
e-commerce monitoring operates as "GlobalTrust", which was previously operated by Austrian Society for Data Protection - Arge Daten. According to the Applicant, Arge-Daten was the owner of the older "GlobalTrust" roots, which are not part of this application. This application has been tracked in the CCADB and in Bugzilla - https://bugzilla.mozilla.org/show_bug.cgi?id=1627552. e-commerce monitoring’s GLOBALTRUST 2020 Root is proposed for inclusion with the websites trust bit (with EV) and the email trust bit. Mozilla is considering approving e-commerce monitoring’s request. This email begins the 3-week comment period, after which, if no concerns are raised, we will close the discussion and the request may proceed to the approval phase (Step 10). *A Summary of Information Gathered and Verified appears here in this CCADB case:* https://ccadb-public.secure.force.com/mozilla/PrintViewForCase?CaseNumber=00000568 *Root Certificate Information:* GLOBALTRUST 2020 Root crt.sh - https://crt.sh/?q=9A296A5182D1D451A2E37F439B74DAAFA267523329F90F9A0D2007C334E23C9A Download - http://service.globaltrust.eu/static/globaltrust-2020.crt *CP/CPS:* Current CP is Version 2.0h / 15th January 2021 http://service.globaltrust.eu/static/globaltrust-certificate-policy.pdf Current CPS is Version 2.0h / 15th January 2021 http://service.globaltrust.eu/static/globaltrust-certificate-practice-statement.pdf Repository location: https://globaltrust.eu/certificate-policy/ *BR Self-Assessment* (PDF) is located here: https://bugzilla.mozilla.org/attachment.cgi?id=9138392 *Audits:* 2020 audits are attached to Bug # 1627552 <https://bugzilla.mozilla.org/show_bug.cgi?id=1627552> and include the Key Generation Report, the EV Readiness Audit, and the ETSI Audit Attestation, which covered the period from 06/11/2019 until 04/01/2020. The next audit is due 04/01/2021. No misissuances were found under this root, and all subordinate certificates passed technical tests satisfactorily. Again, this email begins a three-week public discussion period, which I’m scheduling to close on or about 26-February-2021. Sincerely yours, Ben Wilson Mozilla Root Program _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
